Basercms

Basercms

59 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2018-18942

Exploit
  • EPSS 0.89%
  • Veröffentlicht 05.11.2018 09:29:00
  • Zuletzt bearbeitet 21.11.2024 03:56:55

In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote attackers to execute arbitrary PHP code via the admin/theme_configs/form data[ThemeConfig][logo] parameter.

5.3

CVE-2018-0575

  • EPSS 0.17%
  • Veröffentlicht 26.06.2018 14:29:01
  • Zuletzt bearbeitet 21.11.2024 03:38:30

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors.

6.1

CVE-2018-0574

  • EPSS 0.26%
  • Veröffentlicht 26.06.2018 14:29:01
  • Zuletzt bearbeitet 21.11.2024 03:38:30

Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

5.3

CVE-2018-0573

  • EPSS 0.17%
  • Veröffentlicht 26.06.2018 14:29:01
  • Zuletzt bearbeitet 21.11.2024 03:38:30

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors.

8.1

CVE-2018-0572

  • EPSS 0.19%
  • Veröffentlicht 26.06.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 03:38:30

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via unspecified vectors.

4.3

CVE-2018-0571

  • EPSS 0.17%
  • Veröffentlicht 26.06.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 03:38:30

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files.

5.4

CVE-2018-0570

  • EPSS 0.2%
  • Veröffentlicht 26.06.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 03:38:30

Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

8.8

CVE-2018-0569

  • EPSS 1%
  • Veröffentlicht 26.06.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 03:38:29

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors.

8.8

CVE-2017-10844

  • EPSS 0.57%
  • Veröffentlicht 29.08.2017 01:35:13
  • Zuletzt bearbeitet 20.04.2025 01:37:25

baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows an attacker to execute arbitrary PHP code on the server via unspecified vectors.

9.8

CVE-2017-10842

  • EPSS 0.67%
  • Veröffentlicht 29.08.2017 01:35:13
  • Zuletzt bearbeitet 20.04.2025 01:37:25

SQL injection vulnerability in the baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.