CVE-2024-29686

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-29686
Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. NOTE: the vendor disputes this because the payload could only be entered by a trusted user, such as the owner of the server that hosts Winter CMS, or a developer working for them.

7.2 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://forum.ksec.co.uk/t/webapps-winter-cms-1-2-3-server-side-template-injection-ssti-authenticated/2779
https://wintercms.com/docs/v1.2/docs/cms/themes#template-structure
https://www.exploit-db.com/exploits/51893
Configurations

No configuration.

History

01 Aug 2024, 15:35

Type Values Removed Values Added
CWE CWE-97
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.2

11 Apr 2024, 01:25

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad de Server-side Template Injection (SSTI) en Winter CMS v.1.2.3 permite a un atacante remoto ejecutar código arbitrario a través de un payload manipulado en el campo Páginas del CMS y los componentes del complemento. NOTA: el proveedor cuestiona esto porque el payload solo puede ser ingresada por un usuario confiable, como el propietario del servidor que aloja Winter CMS, o un desarrollador que trabaja para ellos.

01 Apr 2024, 02:15

Type Values Removed Values Added
References
  • () https://wintercms.com/docs/v1.2/docs/cms/themes#template-structure -
Summary (en) Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. (en) Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. NOTE: the vendor disputes this because the payload could only be entered by a trusted user, such as the owner of the server that hosts Winter CMS, or a developer working for them.

29 Mar 2024, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-03-29 16:15

Updated : 2024-08-02 01:16

NVD link : CVE-2024-29686

Mitre link : CVE-2024-29686

CVE.ORG link : CVE-2024-29686

JSON object : View

Products Affected

No product.

CWE
CWE-97

Improper Neutralization of Server-Side Includes (SSI) Within a Web Page