CVE-2023-25654

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-25654

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-25654.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-25654

Aliases

GHSA-h4cc-fxpp-pgw9

Published

2023-03-23T19:22:30.154Z

Modified

2026-03-13T07:29:50.546133Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

baserCMS File Uploader Remote Code Execution (RCE) vulnerability

Details

baserCMS is a Content Management system. Prior to version 4.7.5, there is a Remote Code Execution (RCE) Vulnerability in the management system of baserCMS. Version 4.7.5 contains a patch.

Database specific

{
    "cwe_ids": [
        "CWE-434"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/25xxx/CVE-2023-25654.json"
}

References

Affected packages

Git / github.com/baserproject/basercms

Affected ranges

Type

GIT

Repo

https://github.com/baserproject/basercms

Events

Introduced

Fixed

9dce3143cf9ac5ea04e1056dfccadfa201c7f38a

Fixed

002886be0998c74c386e04f0b43688a8a45d7a96

Fixed

08247f0a633d8e836ce2e5cd2d53aa19901a1359

Fixed

60f83054d8131b0ace60716cec7e629b5eb3a8f0

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.7.5"
        }
    ]
}

Affected versions

2.*

2.0.0

2.0.0-beta

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.5.1

2.1.0

2.1.1

2.1.2

3.*

3.0.0

3.0.1

3.0.10

3.0.11

3.0.11.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.5.1

3.0.6

3.0.6-beta

3.0.6.1

3.0.7

3.0.8

3.0.9

4.*

4.0.0

4.0.0-beta

4.0.1

4.0.10

4.0.10.1

4.0.11

4.0.2

4.0.2.1

4.0.3

4.0.4

4.0.5

4.0.5.1

4.0.5.2

4.0.6

4.0.7

4.0.8

4.0.9

4.1.0

4.1.0.1

4.1.1

4.1.2

4.1.3

4.1.4

4.1.5

4.1.6

4.1.7

4.1.8

4.2.0

4.2.1

4.2.2

4.2.3

4.2.4

4.2.5

4.3.0

4.3.1

4.3.2

4.3.3

4.3.4

4.3.5

4.3.6

4.3.7

4.3.7.1

4.4.0

4.4.1

4.4.1.1

4.4.2

4.4.2.1

4.4.3

4.4.4

4.4.5

4.4.6

4.4.7

4.4.8

4.5.0

4.5.1

4.5.2

4.5.3

4.5.4

4.5.5

4.5.6

4.6.0

4.6.1

4.6.1.1

4.6.2

4.6.3

4.7.0

4.7.2

4.7.3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-25654.json"