Security Advisory

CVE-2021-47812

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-01-15 23:25:54

Last updated 2026-04-07 14:06:15

Assigner VulnCheck

State PUBLISHED

Description

GravCMS 1.10.7 contains an unauthenticated vulnerability that allows remote attackers to write arbitrary YAML configuration and execute PHP code through the scheduler endpoint. Attackers can exploit the admin-nonce parameter to inject base64-encoded payloads and create malicious custom jobs with system command execution.

← Browse all CVEs View on cve.org ↗