CVE-2023-34251

9.9 CRITICAL

📋 TL;DR

CVE-2023-34251 is a server-side template injection vulnerability in Grav CMS that allows authenticated users with page editing privileges to execute arbitrary PHP code. This leads to remote code execution on the server, potentially compromising the entire system. All Grav installations prior to version 1.7.42 are affected.

💻 Affected Systems

Products:
  • Grav CMS
Versions: All versions prior to 1.7.42
Operating Systems: All platforms running Grav
Default Config Vulnerable: ⚠️ Yes
Notes: Requires user with page editing privileges; default admin accounts have this capability.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control over the web server, accessing sensitive data, installing backdoors, and pivoting to other systems.

🟠 Likely Case

Attacker with page editing privileges executes arbitrary code to steal credentials, modify content, or install malware on the server.

🟢 If Mitigated

Limited impact if proper access controls restrict page editing to trusted administrators only.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires an authenticated user with page editing privileges; proof-of-concept code is publicly available in the vendor advisory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.7.42

Vendor Advisory: https://github.com/getgrav/grav/security/advisories/GHSA-f9jf-4cp4-4fq5

Restart Required: No

Instructions:

1. Backup your Grav installation.
2. Update Grav to version 1.7.42 or later via package manager or manual download.
3. Clear cache if needed.

🔧 Temporary Workarounds

Restrict Page Editing Privileges

Applies to: all versions

Temporarily remove page editing capabilities from non-essential users until patching.

🧯 If You Can't Patch

  • Implement strict access controls to limit page editing to only essential, trusted administrators
  • Monitor administrator accounts and page edit logs for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check the Grav version in the admin panel or via the CLI:

php bin/grav version

Any version below 1.7.42 is affected.

Verify Fix Applied:

Confirm the reported version is 1.7.42 or higher using the same command.
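The version comparison behind the check above, as an added POSIX shell example that is not part of this page or of the Grav project. It assumes that the output of `php bin/grav version` contains a dotted version number somewhere on a line (the exact wording of that output is not given here), and it treats every version below 1.7.42 as affected.

```shell
#!/bin/sh
# Added example, not taken from the advisory or from the Grav project: compare a
# Grav version string against the first fixed release named on this page (1.7.42).

FIXED_VERSION="1.7.42"

# version_lt A B: exit 0 if dotted version A is strictly lower than B.
# Components are compared numerically one at a time, so 1.7.9 < 1.7.42 and
# 1.7.41.1 < 1.7.42; a missing component counts as 0 (1.7 < 1.7.42).
version_lt() {
    a="$1"
    b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"
        bi="${b%%.*}"
        ai="${ai:-0}"
        bi="${bi:-0}"
        if [ "$ai" -lt "$bi" ]; then return 0; fi
        if [ "$ai" -gt "$bi" ]; then return 1; fi
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    done
    return 1
}

# extract_version LINE: print the first dotted numeric token in LINE.
# The exact wording printed by `php bin/grav version` is not given on this
# page and is assumed here; only a token such as 1.7.41 is needed.
# Pre-release suffixes (e.g. "-rc.1") are dropped, so a 1.7.42 pre-release
# would be reported as fixed; that is a known limitation of this check.
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+(\.[0-9]+)+' | head -n 1
}

# grav_version_is_vulnerable VERSION: exit 0 if VERSION predates 1.7.42.
# A leading "v" is tolerated. An empty string (version could not be parsed)
# compares as 0 and is therefore reported as affected, which is the safe default.
grav_version_is_vulnerable() {
    version_lt "${1#v}" "$FIXED_VERSION"
}

# Demonstration on a constructed CLI line. On a real install replace the
# sample with: extract_version "$(php bin/grav version)"
SAMPLE_OUTPUT="Grav version 1.7.41"   # constructed sample, not real tool output
if grav_version_is_vulnerable "$(extract_version "$SAMPLE_OUTPUT")"; then
    echo "affected by CVE-2023-34251: update to $FIXED_VERSION or later"
else
    echo "not affected by CVE-2023-34251"
fi
```

Numeric per-component comparison is used instead of a plain string compare so that 1.7.9 is not mistaken for a release newer than 1.7.42.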

📡 Detection & Monitoring

Log Indicators:

  • Unusual page edit activity from admin accounts
  • PHP execution attempts in template files
  • Suspicious file modifications

Network Indicators:

  • Unexpected outbound connections from web server
  • Command and control traffic patterns

SIEM Query:

source="grav_logs" AND (event="page_edit" OR event="template_modify") AND user NOT IN ["trusted_admins"]
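The same allowlist logic expressed for plain log files, as an added POSIX shell example that is not part of this page or of the Grav project. The log layout (timestamp, user, event, target) and the user names are constructed assumptions; Grav's real log format is not described here, so the field numbers need adapting to the actual source.

```shell
#!/bin/sh
# Added example, not from the advisory or the Grav project: apply the allowlist
# logic of the SIEM query above to plain log lines with awk.

# Users allowed to edit pages and templates (assumed names, one per word).
TRUSTED_ADMINS="alice bob"

# detect_untrusted_edits: read log lines on stdin and print every page_edit or
# template_modify event whose user is not in TRUSTED_ADMINS.
# Assumed line layout: "<timestamp> <user> <event> <target>". Grav's real log
# format is not given on this page; adapt the field numbers to your source.
detect_untrusted_edits() {
    awk -v trusted="$TRUSTED_ADMINS" '
        BEGIN { n = split(trusted, t, " "); for (i = 1; i <= n; i++) ok[t[i]] = 1 }
        ($3 == "page_edit" || $3 == "template_modify") && !($2 in ok) { print }
    '
}

# Constructed sample log (not real Grav output).
SAMPLE_LOG='2024-01-01T10:00:00Z alice page_edit /user/pages/01.home
2024-01-01T10:05:00Z editor2 page_edit /user/pages/02.about
2024-01-01T10:06:00Z bob login -
2024-01-01T10:07:00Z editor2 template_modify /user/themes/quark/templates/default.html.twig
2024-01-01T10:08:00Z alice template_modify /user/themes/quark/templates/partials/base.html.twig'

# count_untrusted_edits: number of flagged lines in the constructed sample.
count_untrusted_edits() {
    printf '%s\n' "$SAMPLE_LOG" | detect_untrusted_edits | wc -l | tr -d ' '
}

# Run on the sample; in production pipe the real log file instead.
printf '%s\n' "$SAMPLE_LOG" | detect_untrusted_edits
```

Only the two events by the non-allowlisted user are printed; login events and edits by allowlisted administrators pass through unflagged, which mirrors the `user NOT IN ["trusted_admins"]` clause of the query.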
