Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS02d3I2LTU0bXctbXZocs3vlA
BaserCMS privilege escallation
BaserCMS before 1.6.12 does not properly restrict additions to the membership of the operators group, which allows remote authenticated users to gain privileges via unspecified vectors.
Permalink: https://github.com/advisories/GHSA-6wr6-54mw-mvhrJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02d3I2LTU0bXctbXZocs3vlA
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 3 months ago
Identifiers: GHSA-6wr6-54mw-mvhr, CVE-2011-2674
References:
- https://nvd.nist.gov/vuln/detail/CVE-2011-2674
- http://basercms.net/patch/JVN09789751
- http://jvn.jp/en/jp/JVN16617002/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2011-000066
- https://github.com/advisories/GHSA-6wr6-54mw-mvhr
Affected Packages
packagist:baserproject/basercms
Dependent packages: 0Dependent repositories: 4
Downloads: 38 total
Affected Version Ranges: < 1.6.12
Fixed in: 1.6.12
All affected versions: 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.6, 0.0.7, 0.0.8, 1.0.0
All unaffected versions: 2.0.0, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.9, 3.0.10, 3.0.11, 3.0.12, 3.0.13, 3.0.14, 3.0.15, 3.0.16, 3.0.17, 3.0.18, 3.0.19, 3.0.20, 3.0.21, 3.0.22, 3.0.23, 3.0.24, 3.0.25, 3.0.26, 4.0.0, 4.1.0, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.4.8, 4.5.4, 4.8.1, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15