Grav CMS Unauthenticated RCE (CVE-2021-21425)
Description
The Grav CMS Admin Plugin contains an authentication bypass vulnerability (CVE-2021-21425) that allows unauthenticated attackers to invoke privileged administrator controller methods. This flaw enables attackers to write or update arbitrary YAML configuration files without authentication, which can be leveraged to inject malicious code and achieve remote code execution on the server.
Remediation
Apply the following remediation steps immediately:
1. Upgrade Grav CMS to version 1.7.10 or later, which addresses this vulnerability
2. If immediate upgrade is not possible, disable the Admin Plugin until the upgrade can be performed
3. Review server logs for any suspicious activity, particularly unauthorized access to administrator endpoints
4. Inspect YAML configuration files for unauthorized modifications
5. After upgrading, verify that the Admin Plugin is properly enforcing authentication on all administrative functions
6. Implement network-level access controls to restrict access to the admin interface to trusted IP addresses only
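A defender-side check script for remediation steps 1, 3 and 4, added here as an example rather than taken from the advisory or from the Grav project. It assumes the installed version is read from a PHP constants file that defines `GRAV_VERSION`, that the admin interface is served under the `/admin` route, and that the web server writes combined-format access logs; the sample inputs are constructed.

```python
"""Defender-side checks for CVE-2021-21425 remediation steps 1, 3 and 4.
Added example; the constants file, admin route and log format are assumptions."""
import re
import tempfile
from pathlib import Path
from typing import List, Optional, Tuple

FIXED_VERSION = (1, 7, 10)  # first fixed Grav release named in the advisory

def parse_version(version: str) -> Tuple[int, ...]:
    """'1.7.9' -> (1, 7, 9); a pre-release suffix such as '-rc.1' is ignored."""
    return tuple(int(part) for part in version.split("-")[0].split("."))

def is_vulnerable_version(version: str) -> bool:
    """Step 1: anything below 1.7.10 still carries the unauthenticated admin bypass."""
    return parse_version(version) < FIXED_VERSION

def read_grav_version(defines_php: str) -> Optional[str]:
    """Pull GRAV_VERSION out of the PHP constants file (assumed to be system/defines.php)."""
    match = re.search(r"define\(\s*'GRAV_VERSION'\s*,\s*'([^']+)'\s*\)", defines_php)
    return match.group(1) if match else None

# Assumed admin route prefix; requests here from unexpected clients deserve review (step 3).
ADMIN_REQUEST_RE = re.compile(r'"(?:GET|POST|PUT|DELETE) /admin(?:/|\?|\s)')

def admin_requests(log_lines: List[str]) -> List[str]:
    """Step 3: return access-log lines that touch the admin endpoints."""
    return [line for line in log_lines if ADMIN_REQUEST_RE.search(line)]

def yaml_modified_since(root: Path, since_epoch: float) -> List[Path]:
    """Step 4: YAML configuration files under root whose mtime is newer than since_epoch."""
    return sorted(p for p in root.rglob("*.yaml") if p.stat().st_mtime > since_epoch)

# Constructed sample inputs, not taken from a real installation or server.
SAMPLE_DEFINES = "<?php\ndefine('GRAV_VERSION', '1.7.9');\n"
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Apr/2021:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Apr/2021:10:00:05 +0000] "POST /admin/config/system HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    version = read_grav_version(SAMPLE_DEFINES)
    print(f"installed {version}: vulnerable={is_vulnerable_version(version)}")
    for line in admin_requests(SAMPLE_LOG):
        print("admin request:", line)
    with tempfile.TemporaryDirectory() as tmp:  # stand-in for the Grav user/config tree
        Path(tmp, "system.yaml").write_text("pages:\n  theme: quark\n")
        print("changed yaml:", yaml_modified_since(Path(tmp), 0.0))
```

Run `yaml_modified_since` with the timestamp of the last known-good deployment so that only files touched after it are listed for review.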