Lucene search

K
cvelistGitHub_MCVELIST:CVE-2023-51450
HistoryFeb 22, 2024 - 2:50 p.m.

CVE-2023-51450 baserCMS OS command injection vulnerability in Installer

2024-02-2214:50:51
CWE-78
GitHub_M
www.cve.org
cve-2023-51450
basercms
os command injection

5.6 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

0.0005 Low

EPSS

Percentile

16.4%

baserCMS is a website development framework. Prior to version 5.0.9, there is an OS Command Injection vulnerability in the site search feature of baserCMS. Version 5.0.9 contains a fix for this vulnerability.

CNA Affected

[
  {
    "vendor": "baserproject",
    "product": "basercms",
    "versions": [
      {
        "version": "< 5.0.9",
        "status": "affected"
      }
    ]
  }
]

5.6 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

0.0005 Low

EPSS

Percentile

16.4%

Related for CVELIST:CVE-2023-51450