Vulnerability in Getgrav Grav

CVE-2026-58493

grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, Database::__call builds PDO DSN strings by directly concatenating user-configurable YAML values from fields such as host, dbname, charset, server, database, director…

Affected products

Weakness classification (CWE)

References