4 matches found
Server-Side Template Injection (SSTI)
wintercms/winter is vulnerable to Server-side Template Injection SSTI. The vulnerability is due to insufficient input validation, allowing an admin authenticated remote attacker to execute arbitrary code by injecting a crafted payload into the CMS Pages field and Plugin components...
Winter CMS Server-Side Template Injection (SSTI) vulnerability
Server-side Template Injection SSTI vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components...
CVE-2024-29686
CVE-2024-29686 describes a Server-side Template Injection (SSTI) in Winter CMS v1.2.3. The vulnerability allows a remote attacker to execute arbitrary code via a crafted payload in the CMS Pages field and Plugin components. Some sources note this could be exploited by an authenticated/admin user ...
PT-2024-22962 · Unknown · Winter Cms
Name of the Vulnerable Software and Affected Versions: Winter CMS version 1.2.3 Description: A Server-side Template Injection SSTI issue allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. The vendor disputes this vulnerability,...