Lucene search

[email protected]NVD:CVE-2023-25655

HistoryMar 23, 2023 - 8:15 p.m.

CVE-2023-25655

2023-03-2320:15:15

CWE-434

[email protected]

web.nvd.nist.gov

basercms

unauthorized uploads

patch

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.4%

JSON

baserCMS is a Content Management system. Prior to version 4.7.5, any file may be uploaded on the management system of baserCMS. Version 4.7.5 contains a patch.

Affected configurations

NVD

Node

basercmsbasercmsRange<4.7.5

References

github.com/baserproject/basercms/commit/922025a98b0e697ab78f6a785a004e0729aa9100

github.com/baserproject/basercms/commit/9297629983ed908c7f51bf61a0231dde91404ebd

github.com/baserproject/basercms/releases/tag/basercms-4.7.5

github.com/baserproject/basercms/security/advisories/GHSA-mfvg-qwcw-qvc8

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.4%

JSON

Related for NVD:CVE-2023-25655

osv2 jvn1 prion1 cvelist1 github1 cve1