CVE-2024-29686

Severity Score

7.2

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. NOTE: the vendor disputes this because the payload could only be entered by a trusted user, such as the owner of the server that hosts Winter CMS, or a developer working for them.

Vulnerabilidad de Server-side Template Injection (SSTI) en Winter CMS v.1.2.3 permite a un atacante remoto ejecutar código arbitrario a través de un payload manipulado en el campo Páginas del CMS y los componentes del complemento. NOTA: el proveedor cuestiona esto porque el payload solo puede ser ingresada por un usuario confiable, como el propietario del servidor que aloja Winter CMS, o un desarrollador que trabaja para ellos.

*Credits: N/A

CVSS Scores

CISAv3.1 7.2

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

Poc

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-03-19 CVE Reserved
2024-03-29 CVE Published
2024-08-23 CVE Updated
2024-10-12 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-97: Improper Neutralization of Server-Side Includes (SSI) Within a Web Page

CAPEC

References (3)

URL	Tag	Source
https://forum.ksec.co.uk/t/webapps-winter-cms-1-2-3-server-side-template-injection-ssti-authenticated/2779
https://wintercms.com/docs/v1.2/docs/cms/themes#template-structure
https://www.exploit-db.com/exploits/51893

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
-		-				-		-		-