Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Admin-only web panel access sets PR:H and AV:N; DSN injection yields partial data and connection integrity impact only.
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, Database::__call builds PDO DSN strings by directly concatenating user-configurable YAML values from fields such as host, dbname, charset, server, database, directory, and filename without sanitization or validation, allowing an administrator with plugin configuration access to inject DSN attributes or path traversal values. This issue is fixed in version 1.2.0.
AnalysisAI
DSN string injection in grav-plugin-database prior to version 1.2.0 allows an administrator with Grav CMS plugin configuration access to manipulate PDO database connection strings by injecting unsanitized YAML field values. The vulnerable Database::__call method concatenates fields such as host, dbname, charset, server, database, directory, and filename directly into DSN strings without validation, enabling DSN attribute injection or path traversal to redirect database connections to unintended targets. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires administrator-level access to the Grav CMS plugin configuration interface - specifically, the ability to write to the database plugin's YAML configuration fields (host, dbname, charset, server, database, directory, filename). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 base score of 5.1 with vector AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N accurately reflects the constrained real-world risk: exploitation requires PR:H (high-privilege, administrator-level) access to the Grav plugin configuration interface, substantially limiting the attack surface to insider threats or compromised admin accounts. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained Grav CMS administrator credentials - through credential stuffing, phishing, or a compromised account - navigates to the Database plugin configuration panel and modifies the `host` or `directory` YAML field to include injected DSN attributes such as `localhost;unix_socket=/var/run/attacker/malicious.sock` or a path traversal value like `../../sensitive_dir`. When the plugin subsequently invokes `Database::__call`, the malformed DSN is passed to PDO, redirecting the database connection to an unintended socket or filesystem location, potentially exposing data from an alternate database or traversing to restricted file paths. … |
| Remediation | Upgrade grav-plugin-database to version 1.2.0, which addresses the issue per the upstream commit at https://github.com/getgrav/grav-plugin-database/commit/f6d058785c9e23df7efc5ea7556f8746fef286df and the release tag at https://github.com/getgrav/grav-plugin-database/releases/tag/1.2.0. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Server-Side Template Injection (SSTI) vulnerability exists
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, due to improper authorization checks when modifying critical
A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plug
Grav is a file-based Web platform. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low a
GravCMS 1.10.7 allows unauthenticated remote attackers to write arbitrary YAML configuration files, leading to full serv
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a user with admin panel access and permissions to create or e
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, Grav CMS is vulnerable to a Server-Side Template Injection (S
Grav is an open-source, flat-file content management system. Rated high severity (CVSS 8.8), this vulnerability is remot
Grav is an open-source, flat-file content management system. Rated high severity (CVSS 8.8), this vulnerability is remot
Grav is an open-source, flat-file content management system. Rated high severity (CVSS 8.8), this vulnerability is remot
Grav is an open-source, flat-file content management system. Rated high severity (CVSS 8.8), this vulnerability is remot
Grav is an open-source, flat-file content management system. Rated high severity (CVSS 8.8), this vulnerability is remot
Same technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42948