GitHub Advisory Database: GHSA-VRM6-C878-FPQ6
History: Oct 26, 2023 - 8:52 p.m.

baserCMS Code Injection Vulnerability in Mail Form Feature

2023-10-26 20:52:27
CWE-94
GitHub Advisory Database
github.com
11
basercms
mail form
code injection
vulnerability
update
security
shiga takuma
broadband security

CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.001 Low
Percentile: 40.0%

There is a code injection vulnerability in the Mail Form feature of baserCMS.

Target

baserCMS 4.7.6 and earlier versions

Vulnerability

Malicious code may be executed in the Mail Form feature.

Countermeasures

Update to the latest version of baserCMS

Please refer to the following page for more information.
https://basercms.net/security/JVN_45547161

Credits

Shiga Takuma@BroadBand Security, Inc

Affected configurations

Vulners
Node: baserproject basercms, Range: 4.7.6

CPE Name                 Operator    Version
baserproject/basercms    le          4.7.6
