Lucene search

GitHub_MVULNRICHMENT:CVE-2023-43792

HistoryOct 30, 2023 - 8:00 p.m.

CVE-2023-43792 baserCMS Code Injection Vulnerability in Mail Form Feature

2023-10-3020:00:14

CWE-94

GitHub_M

github.com

basercms

code injection

vulnerability

mail form

security

framework

version 4.6.0

version 4.7.6

patched

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

7.2

Confidence

Low

EPSS

0.001

Percentile

44.5%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

baserCMS is a website development framework. In versions 4.6.0 through 4.7.6, there is a Code Injection vulnerability in the mail form of baserCMS. As of time of publication, no known patched versions are available.

References

basercms.net/security/JVN_45547161

github.com/baserproject/basercms/security/advisories/GHSA-vrm6-c878-fpq6

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

7.2

Confidence

Low

EPSS

0.001

Percentile

44.5%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2023-43792