Lucene search

GitHub_MVULNRICHMENT:CVE-2023-43648

HistoryOct 30, 2023 - 6:24 p.m.

CVE-2023-43648 baserCMS Directory Traversal vulnerability in Form submission data management Feature

2023-10-3018:24:24

CWE-22

GitHub_M

github.com

basercms

directory traversal

form submission

data management

vulnerability

version 4.8.0

patch

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

35.8%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

baserCMS is a website development framework. Prior to version 4.8.0, there is a Directory Traversal Vulnerability in the form submission data management feature of baserCMS. Version 4.8.0 contains a patch for this issue.

References

basercms.net/security/JVN_81174674

github.com/baserproject/basercms/commit/7555a5cf0006755dc0223fffc2d882b50a97758b

github.com/baserproject/basercms/security/advisories/GHSA-hmqj-gv2m-hq55

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

35.8%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2023-43648