0.005 Low
EPSS
Percentile
77.5%
In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote attackers to execute arbitrary PHP code via the admin/theme_configs/form data[ThemeConfig][logo] parameter.
sunu11.com/2018/10/31/baserCMS/
basercms.net/release/4_1_4
github.com/baserproject/basercms/issues/959