What is CVE-2024-54149?

CVE-2024-54149 is a high-severity vulnerability in Wintercms Winter, classified under Incomplete List of Disallowed Inputs. CVSS score: 8.5/10. Published 2024-12-09.

How severe is CVE-2024-54149?

High severity. CVSS v3 base score is 8.5 out of 10.

Vulnerability in Wintercms Winter

CVE-2024-54149

Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Winter CMS prior to versions 1.2.7, 1.1.11, and 1.0.476 allow users with access to the CMS templates sections that modify Twig files to bypas…

EPSS: 0.001 (22.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H.

Affected products

Wintercms Winter — versions >= 1.2.0, < 1.2.7, >= 1.1.0, < 1.1.11, < 1.0.476

Weakness classification (CWE)

CWE-184 — Incomplete List of Disallowed Inputs

References

https://github.com/wintercms/winter/security/advisories/GHSA-xhw3-4j3m-hq53 (x_refsource_CONFIRM)
https://github.com/wintercms/winter/commit/fb88e6fabde3b3278ce1844e581c87dcf7daee22 (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-54149?: CVE-2024-54149 is a high-severity vulnerability in Wintercms Winter, classified under Incomplete List of Disallowed Inputs. CVSS score: 8.5/10. Published 2024-12-09.
How severe is CVE-2024-54149?: High severity. CVSS v3 base score is 8.5 out of 10.