GHSA-h4cc-fxpp-pgw9

Опубликовано: 23 мар. 2023

Источник: github

Github: Прошло ревью

CVSS3: 9.8

Описание

baserCMS File Uploader Remote Code Execution (RCE) vulnerability

Impact

There is a Remote Code Execution (RCE) Vulnerability on the management system of baserCMS.

Target

baserCMS 4.7.3 and earlier versions

Patches

Update to the latest version of baserCMS

Credits

島峰泰平＠三井物産セキュアディレクション株式会社

Ссылки

Пакеты

Наименование

baserproject/basercms

composer

Затронутые версииВерсия исправления

< 4.7.5

4.7.5

EPSS

Процентиль: 82%

0.01674

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2023-25654

Дефекты

CWE-434

Связанные уязвимости

CVE-2023-25654

CVSS3: 9.8

nvd

почти 3 года назад

baserCMS is a Content Management system. Prior to version 4.7.5, there is a Remote Code Execution (RCE) Vulnerability in the management system of baserCMS. Version 4.7.5 contains a patch.

EPSS

Процентиль: 82%

0.01674

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2023-25654

Дефекты

CWE-434