Количество 2
Количество 2
CVE-2023-52085
Winter is a free, open-source content management system. Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be included without further processing in the compilation of custom stylesheets via LESS. This had the potential to lead to a Local File Inclusion vulnerability. This issue has been patched in v1.2.4.
GHSA-2x7r-93ww-cxrq
Winter CMS Local File Inclusion through Server Side Template Injection
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-52085 Winter is a free, open-source content management system. Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be included without further processing in the compilation of custom stylesheets via LESS. This had the potential to lead to a Local File Inclusion vulnerability. This issue has been patched in v1.2.4. | CVSS3: 3.3 | 35% Средний | около 2 лет назад |
| GHSA-2x7r-93ww-cxrq Winter CMS Local File Inclusion through Server Side Template Injection | CVSS3: 3.3 | 35% Средний | около 2 лет назад |
Уязвимостей на страницу