CNNVD-202602-902 Information
CNNVD ID
CNNVD-202602-902
Related CVE
-
CNNVD Published
2026-02-06
Description (English)
Winter is a free, open-source content management system based on the Laravel PHP framework. Versions of Winter before 1.2.10 contain a security vulnerability: users with access to the CMS Asset Manager can upload SVG files that are not automatically sanitized, which may lead to security risks.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Winter
Published
2026-02-06
Last Modified
2026-02-24
References
https://github.com/wintercms/winter/commit/8a7f74b004fcd19721764fc63af0cdb339d9fb65
https://github.com/wintercms/winter/releases/tag/v1.2.10
https://github.com/wintercms/winter/security/advisories/GHSA-m7gw-rffq-rxjm
https://access.redhat.com/security/cve/cve-2026-22254
Patch
https://github.com/wintercms/winter/releases