GHSA-H6JM-F4HH-FW27 October CMS has Safe Mode Bypass via Twig Database Write Operations
A vulnerability was identified in the Twig sandbox security policy that allowed database write operations when cms.safemode is enabled. Backend users with Developer permissions could use Twig template markup to execute insert, update, and delete operations on any database table through the query...