Описание
RCE in baserCMS before 4.1.4
In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote attackers to execute arbitrary PHP code via the admin/theme_configs/form data[ThemeConfig][logo] parameter.
Пакеты
Наименование
baserproject/basercms
composer
Затронутые версииВерсия исправления
< 4.1.4
4.1.4
Связанные уязвимости
CVSS3: 7.2
nvd
больше 7 лет назад
In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote attackers to execute arbitrary PHP code via the admin/theme_configs/form data[ThemeConfig][logo] parameter.