Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. NOTE: the vendor disputes this because the payload could only be entered by a trusted user, such as the owner of the server that hosts Winter CMS, or a developer working for them.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Winter 安全漏洞
Vulnerability Description
Winter是基于 Laravel PHP 框架的免费、开源、自托管 CMS 平台。 Winter CMS v.1.2.3版本存在安全漏洞,该漏洞源于允许远程攻击者使用精心设计的有效负载通过 CMS 页面字段和插件组件执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A