admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-31 18:51:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-296xx/CVE-2024-29686.json

28 lines
1.1 KiB
JSON
Raw Normal View History

Auto-Update: 2024-03-29T17:00:30.730455+00:00
2024-03-29 17:03:19 +00:00
{
"id": "CVE-2024-29686",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-29T16:15:08.047",
Auto-Update: 2024-04-01T04:00:38.555916+00:00
2024-04-01 04:03:28 +00:00
"lastModified": "2024-04-01T02:15:07.663",
Auto-Update: 2024-04-01T02:00:32.415320+00:00
2024-04-01 02:03:21 +00:00
"vulnStatus": "Awaiting Analysis",
Auto-Update: 2024-03-29T17:00:30.730455+00:00
2024-03-29 17:03:19 +00:00
"descriptions": [
{
"lang": "en",
Auto-Update: 2024-04-01T04:00:38.555916+00:00
2024-04-01 04:03:28 +00:00
"value": "Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. NOTE: the vendor disputes this because the payload could only be entered by a trusted user, such as the owner of the server that hosts Winter CMS, or a developer working for them."
Auto-Update: 2024-03-29T17:00:30.730455+00:00
2024-03-29 17:03:19 +00:00
}
],
"metrics": {},
"references": [
{
"url": "https://forum.ksec.co.uk/t/webapps-winter-cms-1-2-3-server-side-template-injection-ssti-authenticated/2779",
"source": "cve@mitre.org"
},
Auto-Update: 2024-04-01T04:00:38.555916+00:00
2024-04-01 04:03:28 +00:00
{
"url": "https://wintercms.com/docs/v1.2/docs/cms/themes#template-structure",
"source": "cve@mitre.org"
},
Auto-Update: 2024-03-29T17:00:30.730455+00:00
2024-03-29 17:03:19 +00:00
{
"url": "https://www.exploit-db.com/exploits/51893",
"source": "cve@mitre.org"
}
]
}
Reference in New Issue Copy Permalink