Lucene search

GitHub_MCVELIST:CVE-2023-25655

HistoryMar 23, 2023 - 7:23 p.m.

CVE-2023-25655 baserCMS allows any file to be uploaded

2023-03-2319:23:58

CWE-434

GitHub_M

www.cve.org

cve-2023-25655

basercms

file upload

vulnerability

patch

version 4.7.5

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.4%

JSON

baserCMS is a Content Management system. Prior to version 4.7.5, any file may be uploaded on the management system of baserCMS. Version 4.7.5 contains a patch.

CNA Affected

[
  {
    "vendor": "baserproject",
    "product": "basercms",
    "versions": [
      {
        "version": "< 4.7.5",
        "status": "affected"
      }
    ]
  }
]

References

github.com/baserproject/basercms/commit/922025a98b0e697ab78f6a785a004e0729aa9100

github.com/baserproject/basercms/commit/9297629983ed908c7f51bf61a0231dde91404ebd

github.com/baserproject/basercms/releases/tag/basercms-4.7.5

github.com/baserproject/basercms/security/advisories/GHSA-mfvg-qwcw-qvc8

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.4%

JSON

Related for CVELIST:CVE-2023-25655