Git · Winter · CVE-2026-27591
**Name of the Vulnerable Software and Affected Versions**
Winter CMS versions prior to 1.0.477
Winter CMS versions prior to 1.1.12
Winter CMS versions prior to 1.2.12
**Description**
Winter CMS, a content management system based on the Laravel PHP framework, had a flaw that allowed authenticated backend users to increase their access level within the system (privilege escalation). By sending specially crafted requests to the backend, a user could modify the roles and permissions associated with their account. Exploitation required existing access to the backend, but any backend user account was sufficient.
**Recommendations**
Update to Winter CMS version 1.0.477 or later.
Update to Winter CMS version 1.1.12 or later.
Update to Winter CMS version 1.2.12 or later.