GMS-2022-3144: Bypass of CMS Safe Mode Security Feature
Authenticated users with permissions to create or modify theme template objects through the backend CMS editor can exploit this vulnerability to bypass the cms.enableSafeMode security feature, which, when enabled, disables modification of PHP code through the web interface. This is only an issue for Winter CMS instances that rely on the Safe Mode security feature to prevent privileged users from modifying the PHP code of CMS theme template objects through the web interface.