Lucene search

[email protected]CVE-2021-41243

HistoryNov 26, 2021 - 6:15 p.m.

CVE-2021-41243

2021-11-2618:15:07

CWE-78

[email protected]

web.nvd.nist.gov

cve-2021-41243

zip slip

os command injection

basercms

management system

file upload

arbitrary commands

vulnerability

security update

nvd

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

9.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.4%

JSON

There is a Potential Zip Slip Vulnerability and OS Command Injection Vulnerability on the management system of baserCMS. Users with permissions to upload files may upload crafted zip files which may execute arbitrary commands on the host operating system. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible.

Affected configurations

Vulners

NVD

Node

baserprojectbasercmsRange<4.5.4

CPENameOperatorVersion
basercms:basercmsbasercmslt4.5.4

CPE	Name	Operator	Version
basercms:basercms	basercms	lt	4.5.4

CNA Affected

[
  {
    "product": "basercms",
    "vendor": "baserproject",
    "versions": [
      {
        "status": "affected",
        "version": "< 4.5.4"
      }
    ]
  }
]