GHSA-6j3p-vrph-j7qq

Source

https://github.com/advisories/GHSA-6j3p-vrph-j7qq

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6j3p-vrph-j7qq/GHSA-6j3p-vrph-j7qq.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-6j3p-vrph-j7qq

Aliases

CVE-2018-0569

Published

2022-05-14T03:06:07Z

Modified

2023-11-01T04:48:28.659263Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

OS Command Injection in baserCMS

Details

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors.

Database specific

{
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-78"
    ],
    "severity": "HIGH",
    "nvd_published_at": "2018-06-26T14:29:00Z",
    "github_reviewed_at": "2023-07-07T00:13:09Z"
}

References

Affected packages

Packagist / baserproject/basercms

Package

Name: baserproject/basercms
Purl: pkg:composer/baserproject/basercms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Last affected

4.1.0.1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6j3p-vrph-j7qq/GHSA-6j3p-vrph-j7qq.json"

Packagist / baserproject/basercms

Package

Name: baserproject/basercms
Purl: pkg:composer/baserproject/basercms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

3.0.15

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6j3p-vrph-j7qq/GHSA-6j3p-vrph-j7qq.json"