9.8
CVE-2023-25654
- EPSS 1.53%
- Veröffentlicht 23.03.2023 20:15:14
- Zuletzt bearbeitet 21.11.2024 07:49:52
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginbaserCMS File Uploader Remote Code Execution (RCE) vulnerability
baserCMS is a Content Management system. Prior to version 4.7.5, there is a Remote Code Execution (RCE) Vulnerability in the management system of baserCMS. Version 4.7.5 contains a patch.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.53% | 0.715 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| security-advisories@github.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
https://github.com/baserproject/basercms/commit/002886be0998c74c386e04f0b43688a8a45d7a96
https://github.com/baserproject/basercms/commit/08247f0a633d8e836ce2e5cd2d53aa19901a1359
https://github.com/baserproject/basercms/commit/60f83054d8131b0ace60716cec7e629b5eb3a8f0
https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5
https://github.com/baserproject/basercms/security/advisories/GHSA-h4cc-fxpp-pgw9