Skip to main content

Winter

7 CVEs product

Monthly

CVE-2024-54149 PHP HIGH PATCH This Week

Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass PHP Winter
NVD GitHub
CVSS 3.1
8.4
EPSS
0.4%
CVE-2024-29686 PHP HIGH POC This Week

Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Winter
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
1.8%
CVE-2023-52085 PHP MEDIUM POC PATCH THREAT This Month

Winter is a free, open-source content management system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Winter
NVD GitHub
CVSS 3.1
5.4
EPSS
30.2%
CVE-2023-52084 PHP MEDIUM PATCH This Month

Winter is a free, open-source content management system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Winter
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-52083 PHP MEDIUM PATCH This Month

Winter is a free, open-source content management system. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Winter
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-37269 PHP MEDIUM POC PATCH This Month

Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Winter
NVD GitHub Exploit-DB
CVSS 3.1
4.8
EPSS
2.7%
CVE-2022-39357 PHP CRITICAL PATCH Act Now

Winter is a free, open-source content management system based on the Laravel PHP framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Information Disclosure PHP Prototype Pollution Winter
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass PHP Winter
NVD GitHub
EPSS 2% CVSS 7.2
HIGH POC This Week

Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Winter
NVD Exploit-DB
EPSS 30% CVSS 5.4
MEDIUM POC PATCH THREAT This Month

Winter is a free, open-source content management system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Winter
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Winter is a free, open-source content management system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Winter
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Winter is a free, open-source content management system. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Winter
NVD GitHub
EPSS 3% CVSS 4.8
MEDIUM POC PATCH This Month

Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Winter
NVD GitHub Exploit-DB
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Winter is a free, open-source content management system based on the Laravel PHP framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Information Disclosure PHP Prototype Pollution +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy