2 matches found
CVE-2012-1198
CVE-2012-1198 affects BASE 1.4.5. The issue occurs in base_ag_main.php where an attacker can upload a file with an executable extension via a create action and then access it via a view action, enabling remote code execution. The NVD entry assigns a CVSSv2 base score of 7.5 (HIGH) with network ac...
CVE-2012-1199
BASE 1.4.5 contains multiple PHP remote file inclusion vulnerabilities that allow an attacker to execute arbitrary PHP code by passing a URL to the BASE_path parameter (and related parameters) to various BASE scripts (e.g., base_ag_main.php, base_db_setup.php, base_graph_.php, base_qry_ .php, bas...