Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Winter: Privilege escalation by authenticated backend users
Vulnerability Description
Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Prior to 1.0.477, 1.1.12, and 1.2.12, Winter CMS allowed authenticated backend users to escalate their accounts level of access to the system by modifying the roles / permissions assigned to their account through specially crafted requests to the backend while logged in. To actively exploit this security issue, an attacker would need access to the Backend with a user account with any level of access. This vulnerability is fixed in 1.0.477, 1.1.12, and 1.2.12.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
访问控制不恰当
Vulnerability Title
Winter 安全漏洞
Vulnerability Description
Winter是Winter开源的一款基于 Laravel PHP 框架的免费开源内容管理系统。 Winter 1.0.477之前版本、1.1.12之前版本和1.2.12之前版本存在安全漏洞,该漏洞源于权限分配不当,可能导致经过身份验证的后端用户通过特制请求提升账户访问权限。
CVSS Information
N/A
Vulnerability Type
N/A