4 matches found
Command Injection
Overview baserproject/basercms is a Content management system based on CakePHP. Affected versions of this package are vulnerable to Command Injection in the core update process. An attacker can execute arbitrary operating system commands on the server by supplying crafted input that is passed...
Command Injection
Overview baserproject/basercms is a Content management system based on CakePHP. Affected versions of this package are vulnerable to Command Injection via the installer process. An attacker can execute arbitrary operating system commands by supplying crafted input during installation. Remediation...
Incorrect Authorization
Overview baserproject/basercms is a Content management system based on CakePHP. Affected versions of this package are vulnerable to Incorrect Authorization via the mail submission API. An attacker can submit unauthorized mail form entries by sending requests to the public API endpoint, even when...
Arbitrary File Upload
Overview baserproject/basercms is a Content management system based on CakePHP. Affected versions of this package are vulnerable to Arbitrary File Upload in the restore process. An attacker can execute arbitrary PHP code by uploading a crafted .zip archive containing a malicious PHP file, which i...