PT-2022-28270 · Unknown · Winter Cms
Published: 2022-07-15 · Updated: 2022-07-15
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
Winter CMS versions prior to 1.0.475
Winter CMS versions prior to 1.1.9
Winter CMS versions prior to 1.2
Description
The issue allows authenticated users with permissions to create or modify theme template objects through the backend CMS editor to bypass the cms.enableSafeMode security feature. This is a concern for Winter CMS instances relying on Safe Mode to prevent privileged users from modifying PHP code of CMS theme template objects through the web interface.
Recommendations
For versions prior to 1.0.475, update to version 1.0.475 or later.
For versions prior to 1.1.9, update to version 1.1.9 or later.
For versions prior to 1.2, update to version 1.2 or later.
As a temporary workaround, apply the patch from https://github.com/wintercms/storm/commit/03eb5ce3f2a271670574802b914f7bcaf07663c1 manually if unable to upgrade to the mentioned versions.
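To check an installation against the version ranges above, the following added example (not code from Winter CMS or from this advisory) reads composer.lock content and classifies the installed version per release branch. It assumes the Composer package is named winter/storm, the repository the patch link points to, and that its version number tracks the Winter CMS release; the helper names and the sample lock file are constructed for illustration.

```python
import json
import re

# First fixed release per branch, from the advisory text above.
FIXED_IN_BRANCH = {(1, 0): (1, 0, 475), (1, 1): (1, 1, 9)}
FIRST_FIXED_BRANCH = (1, 2)  # 1.2 and later include the fix

def parse_version(raw):
    """Return (major, minor, patch), or None for dev aliases and pre-releases."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)(?:\.(\d+))?", raw.strip())
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def status(raw):
    """Classify one version string as 'affected', 'fixed' or 'unknown'."""
    version = parse_version(raw)
    if version is None:
        return "unknown"  # e.g. dev-develop: inspect the checked-out commit by hand
    branch = version[:2]
    if branch >= FIRST_FIXED_BRANCH:
        return "fixed"
    fixed = FIXED_IN_BRANCH.get(branch)
    if fixed is None:
        return "affected"  # older than every fixed release listed
    return "affected" if version < fixed else "fixed"

def audit_lock(lock_text, package="winter/storm"):
    """Find `package` (assumed name) in composer.lock content and classify it."""
    lock = json.loads(lock_text)
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        if pkg.get("name") == package:
            return pkg.get("version", ""), status(pkg.get("version", ""))
    return None, "not-installed"

# Constructed sample composer.lock content (not from a real site).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "example/other-package", "version": "v2.3.1"},
        {"name": "winter/storm", "version": "v1.1.8"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    print(audit_lock(SAMPLE_LOCK))
    for v in ("1.0.474", "1.0.475", "1.1.9", "1.2.0", "dev-develop"):
        print(v, status(v))
```

An "unknown" result means the lock file pins a branch alias or pre-release, so the installed commit has to be compared against the patch commit by hand.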
Related Identifiers
Affected Products
Winter Cms