Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. NOTE: the vendor disputes this because the payload could only be entered by a trusted user, such as the owner of the server that hosts Winter CMS, or a developer working for them.
References
Configurations
No configuration.
History
01 Aug 2024, 15:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-97 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
11 Apr 2024, 01:25
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
01 Apr 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | (en) Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. NOTE: the vendor disputes this because the payload could only be entered by a trusted user, such as the owner of the server that hosts Winter CMS, or a developer working for them. |
29 Mar 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-03-29 16:15
Updated : 2024-08-02 01:16
NVD link : CVE-2024-29686
Mitre link : CVE-2024-29686
CVE.ORG link : CVE-2024-29686
JSON object : View
Products Affected
No product.
CWE
CWE-97
Improper Neutralization of Server-Side Includes (SSI) Within a Web Page