229 matches found
EUVD-2023-3092
Malicious code in bioql PyPI...
EUVD-2024-3523
Malicious code in bioql PyPI...
EUVD-2023-2167
Malicious code in bioql PyPI...
CVE-2024-29686
Server-side Template Injection SSTI vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. NOTE: the vendor disputes this because the payload could only be entered by a trusted user, such as the...
CVE-2024-54149
Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Winter CMS prior to versions 1.2.7, 1.1.11, and 1.0.476 allow users with access to the CMS templates sections that modify Twig files to bypass the sandbox placed on Twig files and modify resources such...
Wiz Named #1 CDR Solution by G2
Wiz was named the leader in the Winter 2025 CDR Grid Report, based on independent customer reviews...
CVE-2022-39357
Winter is a free, open-source content management system based on the Laravel PHP framework. The Snowboard framework in versions 1.1.8, 1.1.9, and 1.2.0 is vulnerable to prototype pollution in the main Snowboard class as well as its plugin loader. The 1.0 branch of Winter is not affected, as it do...
CVE-2024-32003
wn-dusk-plugin Dusk plugin is a plugin which integrates Laravel Dusk browser testing into Winter CMS. The Dusk plugin provides some special routes as part of its testing framework to allow a browser environment such as headless Chrome to act as a user in the Backend or User plugin without having ...
Sandbox Bypass
winter/wn-cms-module is vulnerable to Sandbox Bypass. The vulnerability is due to inadequate enforcement of the sandbox in Twig, allowing users with specific permissions to modify theme customization values, templates, or model data through Twig templates...
Incomplete List of Disallowed Inputs
Overview Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs through the manipulation of Twig templates. An attacker can modify or delete data by bypassing the sandbox restrictions designed to limit template capabilities. Note: This is only exploitable if the...
CVE-2024-54149
Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Winter CMS prior to versions 1.2.7, 1.1.11, and 1.0.476 allow users with access to the CMS templates sections that modify Twig files to bypass the sandbox placed on Twig files and modify resources such...
CVE-2024-54149 Winter CMS Modules allows a sandbox bypass in Twig templates leading to data modification and deletion
Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Winter CMS prior to versions 1.2.7, 1.1.11, and 1.0.476 allow users with access to the CMS templates sections that modify Twig files to bypass the sandbox placed on Twig files and modify resources such...
CVE-2024-54149 Winter CMS Modules allows a sandbox bypass in Twig templates leading to data modification and deletion
Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Winter CMS prior to versions 1.2.7, 1.1.11, and 1.0.476 allow users with access to the CMS templates sections that modify Twig files to bypass the sandbox placed on Twig files and modify resources such...
CVE-2024-54149
Winter CMS has a sandbox bypass in Twig templates that affects versions prior to 1.2.7, 1.1.11, and 1.0.476. If an attacker has backend access with cms.manage_layouts, cms.manage_pages, or cms.manage_partials, they can modify or delete theme resources and potentially manipulate model data passed ...
CVE-2024-54149 Winter CMS Modules allows a sandbox bypass in Twig templates leading to data modification and deletion
Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Winter CMS prior to versions 1.2.7, 1.1.11, and 1.0.476 allow users with access to the CMS templates sections that modify Twig files to bypass the sandbox placed on Twig files and modify resources such...
GHSA-XHW3-4J3M-HQ53 Winter CMS Modules allows a sandbox bypass in Twig templates leading to data modification and deletion
Impact Affected versions of Winter CMS allow users with access to the CMS templates sections that modify Twig files to bypass the sandbox placed on Twig files and modify resources such as theme customisation values or modify, or remove, templates in the theme even if not provided direct access vi...
Winter CMS Modules allows a sandbox bypass in Twig templates leading to data modification and deletion
Impact Affected versions of Winter CMS allow users with access to the CMS templates sections that modify Twig files to bypass the sandbox placed on Twig files and modify resources such as theme customisation values or modify, or remove, templates in the theme even if not provided direct access vi...
PT-2024-36072 · Unknown · Winter Cms
Name of the Vulnerable Software and Affected Versions: Winter CMS versions prior to 1.2.7 Winter CMS versions prior to 1.1.11 Winter CMS versions prior to 1.0.476 Description: The issue allows users with access to the CMS templates sections that modify Twig files to bypass the sandbox placed on...
Winter 安全漏洞
Winter is a free and open source content management system based on the Laravel PHP framework by Winter Open Source. A security vulnerability exists in Winter versions prior to 1.2.7, 1.1.11, and 1.0.476, which stems from a user being able to bypass the sandboxing restriction of Twig files by...
Improper Privilege Management
winter/wn-dusk-plugin is vulnerable to Improper Privilege Management. The vulnerability is due to the exposure of a route URL/dusk/login/USER ID/MANAGER that allows unauthenticated access to user accounts in Winter CMS instances with the Dusk plugin installed and configured improperly...