Vulnerabilities

CVE-2021-47812 - GravCMS 1.10.7 - Arbitrary YAML Write/Update (Unauthenticated) (2)

2026-01-16 0 views admin
CVE-2021-47812 - GravCMS 1.10.7 - Arbitrary YAML Write/Update (Unauthenticated) (2)

CVE ID : CVE-2021-47812 Published : Jan. 15, 2026, 11:25 p.m. | 46 minutes ago Description : GravCMS 1.10.7 contains an unauthenticated vulnerability that allows remote attackers to write arbitrary YAML configuration and execute PHP code through the scheduler endpoint. Attackers can exploit the admin-nonce parameter to inject base64-encoded payloads and create malicious custom jobs with system command execution. Severity: 9.3 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

Severity
CRITICAL
Published
Jan. 15, 2026
Affected Product: PHP

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2021-47812criticalphp

More from Vulnerabilities

CVE-2025-61937 - AVEVA Process Optimization Code Injection

CVE-2025-61937 - AVEVA Process Optimization Code Injection

2026-01-16 0
CVE-2025-65117 - AVEVA Process Optimization Use of Potentially Dangerous Function

CVE-2025-65117 - AVEVA Process Optimization Use of Potentially Dangerous Function

2026-01-16 0
CVE-2025-64729 - AVEVA Process Optimization Missing Authorization

CVE-2025-64729 - AVEVA Process Optimization Missing Authorization

2026-01-16 0
CVE-2025-64691 - AVEVA Process Optimization Code Injection

CVE-2025-64691 - AVEVA Process Optimization Code Injection

2026-01-16 0

Trending

1

Tech: Go-legacy-winxp: Compile Golang 1.24 code for Windows XP

2026-01-15 • 4457 views
2

Tech: Data is the only moat

2026-01-15 • 4133 views
3

Tech: Pocket TTS: A high quality TTS that gives your CPU a voice

2026-01-15 • 3239 views
4

Tech: AWS European Sovereign Cloud

2026-01-15 • 2741 views
5

Tech: JuiceFS is a distributed POSIX file system built on top of Redis and S3

2026-01-15 • 2719 views