Lucene search
K

4 matches found

Veracode
Veracode
added 2024/04/01 4:18 a.m.24 views

Server-Side Template Injection (SSTI)

wintercms/winter is vulnerable to Server-side Template Injection SSTI. The vulnerability is due to insufficient input validation, allowing an admin authenticated remote attacker to execute arbitrary code by injecting a crafted payload into the CMS Pages field and Plugin components...

7.2CVSS7.8AI score0.01821EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/03/29 6:30 p.m.69 views

Winter CMS Server-Side Template Injection (SSTI) vulnerability

Server-side Template Injection SSTI vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components...

7.2CVSS8.3AI score0.01821EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2024/03/29 12:0 a.m.101 views

CVE-2024-29686

CVE-2024-29686 describes a Server-side Template Injection (SSTI) in Winter CMS v1.2.3. The vulnerability allows a remote attacker to execute arbitrary code via a crafted payload in the CMS Pages field and Plugin components. Some sources note this could be exploited by an authenticated/admin user ...

7.2CVSS7.9AI score0.01821EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/03/29 12:0 a.m.8 views

PT-2024-22962 · Unknown · Winter Cms

Name of the Vulnerable Software and Affected Versions: Winter CMS version 1.2.3 Description: A Server-side Template Injection SSTI issue allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. The vendor disputes this vulnerability,...

8.7CVSS8.2AI score0.01821EPSS
Exploits1References12
Rows per page
Query Builder