Vulnerabilities > Getgrav > Grav CMS > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-15 | CVE-2020-29553 | Cross-Site Request Forgery (CSRF) vulnerability in Getgrav Grav CMS The Scheduler in Grav CMS through 1.7.0-rc.17 allows an attacker to execute a system command by tricking an admin into visiting a malicious website (CSRF). | 8.8 |
| 2021-03-15 | CVE-2020-29555 | Path Traversal vulnerability in Getgrav Grav CMS The BackupDelete functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to delete arbitrary files on the underlying server by exploiting a path-traversal technique. | 8.1 |