Security Advisory - Published 2026-07-06 - PHP CMS / Control Panel

PHP CMS and control panel batch: verify versions, admin activity, database logs, and vendor status

This batch covers Grav CMS, Control Web Panel, and a DokuWiki record that is marked disputed by supplier-side discussion. The practical response is to verify versions, preserve logs, and separate confirmed patching work from records that need vendor-status review.

Defensive scope: check systems you own or are approved to repair. This page does not include offensive test strings or unauthorized testing steps.

Affected CVEs in this batch

CVEProductAffectedReviewCVSS
CVE-2026-57517Control Web Panelbefore 0.9.8.1225panel logs, database errors, mail/webmail records, and new admin users9.8
CVE-2026-37106DokuWiki2025-05-14b Librarianregistration settings, auth logs, and supplier dispute notes9.8
CVE-2026-56700Grav CMSbefore 2.0.0-beta.2scheduler, cache, and admin activity9.8

What to check

  • Grav CMS version, admin plugins, scheduler jobs, cache state, and file changes around the exposure window.
  • Control Web Panel version before 0.9.8.1225, panel access logs, database errors, mail/webmail activity, and administrator changes.
  • DokuWiki registration settings and authentication logs, while tracking supplier dispute notes before making incident claims.
  • Backups, cron jobs, web-root file changes, and privileged accounts created during the same period.

Safe fix path

  1. Patch Grav and Control Web Panel before returning the services to public traffic.
  2. Keep DokuWiki in a verification lane if your version matches the disputed record; do not call it compromised without log evidence.
  3. Preserve panel logs, CMS logs, database logs, mail logs, cron output, and file timestamps before cleanup.
  4. Rotate panel, CMS, database, SMTP, and API credentials if privileged activity is unexplained.

Compromise indicators

  • New administrator accounts, changed panel settings, changed CMS configuration, or unexpected scheduler jobs.
  • Database errors, mail queue changes, or webmail access that does not match normal operations.
  • Modified cache, plugin, theme, or web-root files outside a planned maintenance window.
  • DokuWiki registrations or authentication events that do not match the site's real user flow.

When to ask Ping7 for repair

Use Ping7 CVE Repair when panel or CMS integrity is uncertain, logs need preservation before patching, or a disputed record still requires version and evidence review.

References