Skip to main content

Grav Database Plugin EUVDEUVD-2026-42948

| CVE-2026-58493 MEDIUM
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)
2026-07-10 GitHub_M
5.1
CVSS 4.0 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
5.1 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
3.8 LOW

Admin-only web panel access sets PR:H and AV:N; DSN injection yields partial data and connection integrity impact only.

3.1 AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

2
Patch available
Jul 10, 2026 - 18:01 EUVD
Analysis Generated
Jul 10, 2026 - 17:12 vuln.today

DescriptionCVE.org

grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, Database::__call builds PDO DSN strings by directly concatenating user-configurable YAML values from fields such as host, dbname, charset, server, database, directory, and filename without sanitization or validation, allowing an administrator with plugin configuration access to inject DSN attributes or path traversal values. This issue is fixed in version 1.2.0.

AnalysisAI

DSN string injection in grav-plugin-database prior to version 1.2.0 allows an administrator with Grav CMS plugin configuration access to manipulate PDO database connection strings by injecting unsanitized YAML field values. The vulnerable Database::__call method concatenates fields such as host, dbname, charset, server, database, directory, and filename directly into DSN strings without validation, enabling DSN attribute injection or path traversal to redirect database connections to unintended targets. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Compromise or obtain Grav admin credentials
Delivery
Authenticate to Grav admin panel
Exploit
Navigate to Database plugin configuration
Install
Inject malicious DSN attribute or path traversal into YAML config field
C2
Plugin constructs poisoned PDO DSN string
Execute
PDO connects to unintended database or filesystem path
Impact
Access or influence unintended data

Vulnerability AssessmentAI

Exploitation Exploitation requires administrator-level access to the Grav CMS plugin configuration interface - specifically, the ability to write to the database plugin's YAML configuration fields (host, dbname, charset, server, database, directory, filename). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 base score of 5.1 with vector AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N accurately reflects the constrained real-world risk: exploitation requires PR:H (high-privilege, administrator-level) access to the Grav plugin configuration interface, substantially limiting the attack surface to insider threats or compromised admin accounts. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained Grav CMS administrator credentials - through credential stuffing, phishing, or a compromised account - navigates to the Database plugin configuration panel and modifies the `host` or `directory` YAML field to include injected DSN attributes such as `localhost;unix_socket=/var/run/attacker/malicious.sock` or a path traversal value like `../../sensitive_dir`. When the plugin subsequently invokes `Database::__call`, the malformed DSN is passed to PDO, redirecting the database connection to an unintended socket or filesystem location, potentially exposing data from an alternate database or traversing to restricted file paths. …
Remediation Upgrade grav-plugin-database to version 1.2.0, which addresses the issue per the upstream commit at https://github.com/getgrav/grav-plugin-database/commit/f6d058785c9e23df7efc5ea7556f8746fef286df and the release tag at https://github.com/getgrav/grav-plugin-database/releases/tag/1.2.0. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in Grav

View all
CVE-2025-66294 HIGH POC
8.8 Dec 01

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Server-Side Template Injection (SSTI) vulnerability exists

CVE-2025-66301 CRITICAL POC
9.6 Dec 01

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, due to improper authorization checks when modifying critical

CVE-2025-50286 HIGH POC
8.1 Aug 06

A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plug

CVE-2024-34082 CRITICAL POC
9.9 May 15

Grav is a file-based Web platform. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low a

CVE-2021-47812 CRITICAL POC
9.8 Jan 16

GravCMS 1.10.7 allows unauthenticated remote attackers to write arbitrary YAML configuration files, leading to full serv

CVE-2025-66297 HIGH POC
8.8 Dec 01

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a user with admin panel access and permissions to create or e

CVE-2025-66299 HIGH POC
8.8 Dec 01

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, Grav CMS is vulnerable to a Server-Side Template Injection (S

CVE-2024-28119 HIGH POC
8.8 Mar 21

Grav is an open-source, flat-file content management system. Rated high severity (CVSS 8.8), this vulnerability is remot

CVE-2024-28118 HIGH POC
8.8 Mar 21

Grav is an open-source, flat-file content management system. Rated high severity (CVSS 8.8), this vulnerability is remot

CVE-2024-28117 HIGH POC
8.8 Mar 21

Grav is an open-source, flat-file content management system. Rated high severity (CVSS 8.8), this vulnerability is remot

CVE-2024-28116 HIGH POC
8.8 Mar 21

Grav is an open-source, flat-file content management system. Rated high severity (CVSS 8.8), this vulnerability is remot

CVE-2024-27921 HIGH POC
8.8 Mar 21

Grav is an open-source, flat-file content management system. Rated high severity (CVSS 8.8), this vulnerability is remot

Share

EUVD-2026-42948 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy