GHSA-h4cc-fxpp-pgw9
Suggest an improvement- Source
- https://github.com/advisories/GHSA-h4cc-fxpp-pgw9
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-h4cc-fxpp-pgw9/GHSA-h4cc-fxpp-pgw9.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-h4cc-fxpp-pgw9
- Aliases
- Published
- 2023-03-23T20:00:08Z
- Modified
- 2023-11-01T05:01:23.569756Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- baserCMS File Uploader Remote Code Execution (RCE) vulnerability
- Details
-
Impact
There is a Remote Code Execution (RCE) Vulnerability on the management system of baserCMS.
Target
baserCMS 4.7.3 and earlier versions
Patches
Update to the latest version of baserCMS
Credits
島峰泰平@三井物産セキュアディレクション株式会社
- Database specific
{ "nvd_published_at": "2023-03-23T20:15:00Z", "github_reviewed_at": "2023-03-23T20:00:08Z", "severity": "CRITICAL", "github_reviewed": true, "cwe_ids": [ "CWE-434" ] }- References
-
- https://github.com/baserproject/basercms/security/advisories/GHSA-h4cc-fxpp-pgw9
- https://nvd.nist.gov/vuln/detail/CVE-2023-25654
- https://github.com/baserproject/basercms/commit/002886be0998c74c386e04f0b43688a8a45d7a96
- https://github.com/baserproject/basercms/commit/08247f0a633d8e836ce2e5cd2d53aa19901a1359
- https://github.com/baserproject/basercms/commit/60f83054d8131b0ace60716cec7e629b5eb3a8f0
- https://github.com/baserproject/basercms
- https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5
Affected packages
Packagist / baserproject/basercms
Package
- Name
- baserproject/basercms
- Purl
- pkg:composer/baserproject/basercms