GitHub Advisory DatabaseGHSA-H4CC-FXPP-PGW9baserCMS File Uploader Remote Code Execution (RCE) vulnerability
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
88.0%
Impact
There is a Remote Code Execution (RCE) Vulnerability on the management system of baserCMS.
Target
baserCMS 4.7.3 and earlier versions
Patches
Update to the latest version of baserCMS
Credits
島峰泰平@三井物産セキュアディレクション株式会社
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| baserproject | basercms | * | cpe:2.3:a:baserproject:basercms:*:*:*:*:*:*:*:* |
References
github.com/advisories/GHSA-h4cc-fxpp-pgw9
github.com/baserproject/basercms/commit/002886be0998c74c386e04f0b43688a8a45d7a96
github.com/baserproject/basercms/commit/08247f0a633d8e836ce2e5cd2d53aa19901a1359
github.com/baserproject/basercms/commit/60f83054d8131b0ace60716cec7e629b5eb3a8f0
github.com/baserproject/basercms/releases/tag/basercms-4.7.5
github.com/baserproject/basercms/security/advisories/GHSA-h4cc-fxpp-pgw9
nvd.nist.gov/vuln/detail/CVE-2023-25654
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
88.0%