CVE-2023-52085
Published 2023-12-29
Priority P3 · 48 · medium · 5.4 · CVSS 3.1
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
EXPLOIT
EPSS: 30.17% (98.0th percentile)
Winter is a free, open-source content management system. Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be included without further processing in the compilation of custom stylesheets via LESS. This had the potential to lead to a Local File Inclusion vulnerability. This issue has been patched in v1.2.4.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| winter | wn-backend-module | >= 0 < 1.2.4 | 1.2.4 |
| wintercms | winter | < 1.2.4 | 1.2.4 |
GHSA
Winter CMS Local File Inclusion through Server Side Template Injection
ghsa·2024-01-02
CVE-2023-52085 [LOW] CWE-22 Winter CMS Local File Inclusion through Server Side Template Injection
### Impact
Users with access to backend forms that include a [ColorPicker FormWidget](https://wintercms.com/docs/v1.2/docs/backend/forms#color-picker) can provide a value that would then be included without further processing in the compilation of custom stylesheets via LESS. This had the potential to lead to a Local File Inclusion vulnerability.
By default, only the Brand Settings (backend.manage_branding) and Mail Brand Settings (system.manage_mail_templates) forms both include the colorpicker formwidget and pass the provided value to be compiled in LESS, however it is also common for themes to include it on their Theme Customization (cms.manage_theme_options) form and it is technically possible for the values on th
OSV
Winter CMS Local File Inclusion through Server Side Template Injection
osv·2024-01-02
CVE-2023-52085 [LOW] Winter CMS Local File Inclusion through Server Side Template Injection
No detection rules found.
Nuclei
Winter CMS Local File Inclusion - (LFI)
nuclei·CVSS 5.4
CVE-2023-52085 [MEDIUM] Winter CMS Local File Inclusion - (LFI)
Template:
```yaml
id: CVE-2023-52085

info:
  name: Winter CMS Local File Inclusion - (LFI)
  author: sanineng
  severity: medium
  description: |
    Winter is a free, open-source content management system. Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be included without further processing in the compilation of custom stylesheets via LESS. Thi
```
No writeups or analysis indexed.
References:
- https://github.com/wintercms/winter/commit/5bc9257fe2bc47d8b786a1b1bf96bafad23d8ddd
- https://github.com/wintercms/winter/security/advisories/GHSA-2x7r-93ww-cxrq
Published: 2023-12-29