CVE-2022-2073

CVSS 3.x base score: 7.2 (HIGH)

📋 TL;DR

CVE-2022-2073 is a code injection vulnerability in Grav CMS that lets an authenticated user of the CMS execute arbitrary code on the web server. It affects Grav versions prior to 1.7.34; the flaw stems from Grav evaluating user-controlled input as code without sufficiently restricting what that input may do. Upgrading to 1.7.34 or later is the only complete fix.

💻 Affected Systems

Products:
  • Grav CMS
Versions: All versions prior to 1.7.34
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: No configuration option disables the vulnerable code path, so every Grav installation on an affected version is exposed; only the upgrade removes the flaw.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution in the context of the web server user, leading to full compromise of the host, theft of site data and credentials, and use of the server as a foothold for lateral movement within the network.

🟠

Likely Case

Website defacement, tampering with page content, or a persistent backdoor (for example a web shell) planted in the Grav installation by an attacker who holds or has stolen CMS credentials.

🟢

If Mitigated

With the admin interface restricted to trusted users and networks, exploitation requires a compromised or malicious privileged account, and the blast radius stays limited to the Grav host itself.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: No (authentication to the CMS is required)
Complexity: LOW

Exploitation requires an authenticated session on the CMS interface, but the vulnerability and proof-of-concept code are publicly documented, so anyone who obtains valid credentials (phished, reused, or from a compromised editor account) can exploit it with little effort.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.7.34

Fix Commit: https://github.com/getgrav/grav/commit/9d6a2dba09fd4e56f5cdfb9a399caea355bfeb83

Restart Required: No (PHP code is loaded per request; clearing the Grav cache is enough)

Instructions:

1. Back up your Grav installation (the whole web root, including user/ and system/).
2. Update Grav to version 1.7.34 or later, either with the Grav Package Manager (`bin/gpm selfupgrade`), from the Admin panel's update prompt, or by downloading the release from GitHub and replacing the system/ directory.
3. Clear the Grav cache (`bin/grav clearcache`) so no cached compiled templates from the old version remain.

🔧 Temporary Workarounds

Access Restriction (all platforms)

There is no configuration switch that closes this flaw, and a site operator cannot add input validation to Grav's core. Until you can upgrade, reduce who can reach the vulnerable code path: restrict the Grav admin route (/admin by default) to trusted IP ranges, remove accounts that do not need CMS access, and enforce strong, unique credentials and two-factor authentication for the remaining ones.

🧯 If You Can't Patch

  • Restrict access to the Grav admin interface to trusted IP addresses only (at the reverse proxy or web server), since exploitation needs an authenticated session
  • Add WAF rules for requests to the admin endpoints that flag payloads containing PHP execution functions; treat this as a detection aid rather than a reliable block, because the injected input arrives inside legitimate, authenticated content edits
  • Audit existing CMS accounts and rotate credentials, so a leaked editor password does not become code execution

🔍 How to Verify

Check if Vulnerable:

Any Grav version below 1.7.34 is vulnerable. The installed version is shown on the Admin panel dashboard, printed by the CLI (`bin/gpm version`), and defined as the GRAV_VERSION constant in system/defines.php.

Check Version:

php bin/gpm version

Verify Fix Applied:

Confirm the reported version is 1.7.34 or higher using the same sources, and clear the cache after upgrading so no compiled templates from the old version remain.
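The version check above, scripted for fleets of Grav installs: an added example that is not part of this advisory or the Grav project. It reads the GRAV_VERSION constant from system/defines.php (the real location of Grav's version string), compares it numerically against the 1.7.34 fix version, and prints a verdict per install. The demo runs against a constructed, throwaway defines.php so it works offline; point `check_grav_root` at a real web root in practice.

```shell
#!/bin/sh
# Added example: flag Grav installs still below the CVE-2022-2073 fix version.

FIXED_VERSION="1.7.34"

# version_lt A B : succeed (exit 0) when dotted version A is strictly lower than B.
# Fields are compared numerically; a pre-release suffix such as "-rc.1" is ignored,
# so "1.7.34-rc.1" compares equal to 1.7.34 and is reported as patched (caveat).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "[.]"); nb = split(b, y, "[.]")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1
    }'
}

# grav_version_from_defines FILE : print the GRAV_VERSION value from system/defines.php.
grav_version_from_defines() {
    sed -n "s/.*define('GRAV_VERSION', *'\([^']*\)').*/\1/p" "$1" | head -n 1
}

# grav_vulnerable_to_cve_2022_2073 VERSION : succeed when VERSION is below the fix.
grav_vulnerable_to_cve_2022_2073() {
    version_lt "$1" "$FIXED_VERSION"
}

# check_grav_root GRAV_ROOT : print a verdict; return 0 patched, 1 vulnerable, 2 unreadable.
check_grav_root() {
    root="$1"
    v=$(grav_version_from_defines "$root/system/defines.php" 2>/dev/null)
    if [ -z "$v" ]; then
        echo "$root: could not read GRAV_VERSION from system/defines.php"
        return 2
    fi
    if grav_vulnerable_to_cve_2022_2073 "$v"; then
        echo "$root: Grav $v is VULNERABLE to CVE-2022-2073 (upgrade to $FIXED_VERSION or later)"
        return 1
    fi
    echo "$root: Grav $v is patched"
    return 0
}

# Demo against a constructed sample: a fake Grav root containing only system/defines.php
# with a pre-fix version. Not taken from any real install.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/system"
    printf "<?php\ndefine('GRAV_VERSION', '1.7.33');\n" > "$tmp/system/defines.php"
    check_grav_root "$tmp" || :
    rm -rf "$tmp"
}

demo
```

Run it as `sh check_grav.sh`, or source it and call `check_grav_root /var/www/grav` for each web root (a loop over `find / -path '*/system/defines.php'` covers hosts with several Grav sites). The exit codes make it usable from a cron job or configuration-management check; a non-zero result means the host still needs the upgrade.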

📡 Detection & Monitoring

Log Indicators:

  • Page or template content saved through the admin interface that contains PHP execution functions (eval, system, exec, passthru, shell_exec) where editors would never legitimately use them
  • New or modified PHP files appearing under the web root outside of an upgrade window, which suggests a dropped web shell
  • Admin logins from unfamiliar addresses or at unusual hours immediately preceding such edits

Network Indicators:

  • Unexpected outbound connections from the Grav server (reverse shells, downloads of second-stage tooling)
  • Unusual volumes of POST requests to the Grav admin endpoints

SIEM Query:

source="grav.log" AND ("eval" OR "system" OR "exec" OR "passthru" OR "shell_exec")

This is a starting point only: Grav's own log rarely records the injected input, so correlate it with the web server's access log for POST requests to the admin route and with file-integrity alerts on the web root.
