Upgrade winter/wn-cms-module to version 1.2.7 or higher.
Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs through the manipulation of Twig templates. An attacker can modify or delete data by bypassing the sandbox restrictions designed to limit template capabilities.
Note:
This is only exploitable if the attacker has backend access with permissions such as cms.manage_layouts, cms.manage_pages, or cms.manage_partials.
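To confirm whether a deployment still needs the upgrade above, the following added example (not part of the advisory or of Winter CMS) reads a project's composer.lock and classifies the installed winter/wn-cms-module version against the fixed release 1.2.7. It assumes every tagged release below 1.2.7 is affected, and reports branch or pre-release references as unknown rather than guessing; the sample lock contents are constructed.

```python
import json
import re
import sys

PACKAGE = "winter/wn-cms-module"  # package named in the advisory
FIXED = (1, 2, 7)                 # first fixed version per the advisory


def parse_version(raw):
    """Return (major, minor, patch) for a tagged release, else None (dev branch, pre-release)."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", raw.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def check_lock(lock_text):
    """Return (status, version): status is not-installed, vulnerable, fixed or unknown."""
    lock = json.loads(lock_text)
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name", "").lower() != PACKAGE:
                continue
            raw = pkg.get("version", "")
            version = parse_version(raw)
            if version is None:
                return "unknown", raw  # e.g. dev-develop: inspect the commit manually
            return ("fixed" if version >= FIXED else "vulnerable"), raw
    return "not-installed", None


# Constructed sample lock files (trimmed to the fields the check reads)
SAMPLE_OLD = json.dumps({"packages": [{"name": PACKAGE, "version": "v1.2.6"}]})
SAMPLE_NEW = json.dumps({"packages": [{"name": PACKAGE, "version": "v1.2.7"}]})
SAMPLE_DEV = json.dumps({"packages": [{"name": PACKAGE, "version": "dev-develop"}]})
SAMPLE_NONE = json.dumps({"packages": [{"name": "twig/twig", "version": "v3.8.0"}]})

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "composer.lock"
    with open(path, encoding="utf-8") as fh:
        status, version = check_lock(fh.read())
    print(f"{PACKAGE}: {status} ({version})")
    sys.exit(1 if status in ("vulnerable", "unknown") else 0)
```

Run it with the path to a composer.lock as its only argument; a non-zero exit code marks a version that is below 1.2.7 or could not be determined.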