Lucene search

GitHub Advisory DatabaseGHSA-X73X-7GMX-W835

HistoryMay 13, 2022 - 1:41 a.m.

Arbitrary file delete in baserCMS

2022-05-1301:41:58

GitHub Advisory Database

github.com

basercms

remote attackers

arbitrary files

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.002

Percentile

53.7%

JSON

baserCMS version 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to delete arbitrary files via unspecified vectors when the “File” field is being used in the mail form.

Affected configurations

Vulners

Node

baserprojectbasercmsRange4.0.0–4.0.5

baserprojectbasercmsRange≤3.0.14

VendorProductVersionCPE
baserprojectbasercms*cpe:2.3:a:baserproject:basercms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
baserproject	basercms	*	cpe:2.3:a:baserproject:basercms::::::::

References

jvn.jp/en/jp/JVN78151490/index.html

basercms.net/security/JVN78151490

github.com/advisories/GHSA-x73x-7gmx-w835

nvd.nist.gov/vuln/detail/CVE-2017-10843

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.002

Percentile

53.7%

JSON

Related for GHSA-X73X-7GMX-W835