JVN#92765814: Multiple vulnerabilities in baserCMS

2016-09-29T00:00:00
ID JVN:92765814
Type jvn
Reporter Japan Vulnerability Notes
Modified 2016-09-29T00:00:00

## Description

baserCMS, provided by the baserCMS User Group, is an open source content management system.
baserCMS and bundled plugins "Blog", "Mail", "Feed", and "Uploader" contain the following vulnerabilities.

Cross-site request forgery (CWE-352) - CVE-2016-4879, CVE-2016-4881, CVE-2016-4884, CVE-2016-4885, CVE-2016-4886
When any of the "Blog", "Mail", or "Feed" plugins is enabled and a logged-in user in the Administrative group accesses a malicious URL, the user may be forced to conduct unintended operations on the baserCMS server.

CVSS version | Vector | Base Score
---|---|---
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3
CVSS v2 | AV:N/AC:H/Au:N/C:N/I:P/A:N | 2.6

Cross-site request forgery (CWE-352) - CVE-2016-4887
When the "Uploader" plugin is enabled and a logged-in user in the Administrative group accesses a malicious URL, the user may be forced to conduct unintended operations on the baserCMS server, such as deletion of a file or alteration of the access restriction configuration.

CVSS version | Vector | Base Score
---|---|---
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N | 5.4
CVSS v2 | AV:N/AC:H/Au:N/C:P/I:P/A:N | 4.0

Cross-site request forgery (CWE-352) - CVE-2016-4876
When a logged-in user in the Administrative group accesses a malicious URL, the user may be forced to create a PHP file in a certain directory. As a result, arbitrary PHP code may be executed on the server.

CVSS version | Vector | Base Score
---|---|---
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3
CVSS v2 | AV:N/AC:H/Au:N/C:N/I:P/A:N | 2.6

Cross-site request forgery (CWE-352) - CVE-2016-4878, CVE-2016-4882
When a logged-in user in the Administrative group accesses a malicious URL, the user may be forced to conduct unintended operations on baserCMS.

CVSS version | Vector | Base Score
---|---|---
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N | 5.4
CVSS v2 | AV:N/AC:H/Au:N/C:P/I:P/A:N | 4.0

Stored cross-site scripting (CWE-79) - CVE-2016-4877, CVE-2016-4880, CVE-2016-4883
A user in the Administrative group may be tricked into inserting an arbitrary script in an administration page. The stored script may be executed in the web browser of another user in the Administrative group when that user accesses the administration page.

CVSS version | Vector | Base Score
---|---|---
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4
CVSS v2 | AV:N/AC:L/Au:S/C:N/I:P/A:N | 4.0

## Impact

  • An arbitrary script may be executed on the user's web browser - CVE-2016-4877, CVE-2016-4880, CVE-2016-4883
  • An arbitrary administrative operation, such as configuration alteration, may be executed on the baserCMS server - CVE-2016-4879, CVE-2016-4881, CVE-2016-4884, CVE-2016-4885, CVE-2016-4886, CVE-2016-4887, CVE-2016-4876, CVE-2016-4878, CVE-2016-4882

## Solution

Update the Software
Update the software according to the information provided by the developer.
An old version of the "Uploader" plugin is provided at the baser market. The developer states that applying the baserCMS update overwrites the old version of the "Uploader" plugin.

## Products Affected

  • baserCMS version 3.0.10 and earlier
  • baserCMS plugin Blog version 3.0.10 and earlier
  • baserCMS plugin Mail version 3.0.10 and earlier
  • baserCMS plugin Feed version 3.0.10 and earlier
  • baserCMS plugin Uploader version 3.0.10 and earlier