Lucene search

GoogleOSV:GHSA-VRM6-C878-FPQ6

HistoryOct 26, 2023 - 8:52 p.m.

baserCMS Code Injection Vulnerability in Mail Form Feature

2023-10-2620:52:27

Google

osv.dev

basercms

mail form

code injection

vulnerability

update

security

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

40.0%

JSON

There is a Code Injection Vulnerability in Mail Form to baserCMS.

Target

baserCMS 4.7.6 and earlier versions

Vulnerability

Malicious code may be executed in Mail Form Feature.

Countermeasures

Update to the latest version of baserCMS

Please refer to the following page to reference for more information.
https://basercms.net/security/JVN_45547161

Credits

Shiga Takuma@BroadBand Security, Inc

References

basercms.net/security/JVN_45547161

github.com/baserproject/basercms

github.com/baserproject/basercms/security/advisories/GHSA-vrm6-c878-fpq6

nvd.nist.gov/vuln/detail/CVE-2023-43792

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

40.0%

JSON

Related for OSV:GHSA-VRM6-C878-FPQ6