Vulnerability Details : CVE-2020-29556
The Backup functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to read arbitrary local files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.)
Vulnerability category: Directory traversalCross-site request forgery (CSRF)
Exploit prediction scoring system (EPSS) score for CVE-2020-29556
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 25 %
Percentile, the proportion of vulnerabilities that are scored at or less