Lucene search

Veracode Vulnerability DatabaseVERACODE:44056

HistoryOct 30, 2023 - 7:37 a.m.

Directory Traversal

2023-10-3007:37:03

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

basercms

directory traversal

vulnerability

improper sanitization

form submission

data management

sensitive information

server

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.4%

JSON

basercms is vulnerable to Directory Traversal. The vulnerability is due to improper sanitization and validation in the Form submission data management feature. An attacker can exploit this vulnerability to gain sensitive information from the server.

CPENameOperatorVersion
baserproject/basercmsle4.5.4
baserproject/basercmsle4.5.4

CPE	Name	Operator	Version
	baserproject/basercms	le	4.5.4
	baserproject/basercms	le	4.5.4

References

basercms.net/security/JVN_81174674

github.com/advisories/GHSA-hmqj-gv2m-hq55

github.com/baserproject/basercms/commit/7555a5cf0006755dc0223fffc2d882b50a97758b

github.com/baserproject/basercms/security/advisories/GHSA-hmqj-gv2m-hq55

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.4%

JSON

Related for VERACODE:44056