Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS03N2ZjLTRjdjUtaG1mcs4AA5di
baserCMS OS command injection vulnerability in Installer
There is a OS command injection in Installer Feature to baserCMS.
Target
baserCMS 5.0.8 and earlier versions
Vulnerability
Malicious command may be executed in Installer.
Countermeasures
Update to the latest version of baserCMS
Please refer to the following page to reference for more information.
https://basercms.net/security/JVN_73283159
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03N2ZjLTRjdjUtaG1mcs4AA5di
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 2 months ago
Updated: 2 months ago
CVSS Score: 5.6
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Identifiers: GHSA-77fc-4cv5-hmfr, CVE-2023-51450
References:
- https://github.com/baserproject/basercms/security/advisories/GHSA-77fc-4cv5-hmfr
- https://nvd.nist.gov/vuln/detail/CVE-2023-51450
- https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c
- https://basercms.net/security/JVN_09767360
- https://github.com/advisories/GHSA-77fc-4cv5-hmfr
Blast Radius: 3.4
Affected Packages
packagist:baserproject/basercms
Dependent packages: 0Dependent repositories: 4
Downloads: 38 total
Affected Version Ranges: < 5.0.9
Fixed in: 5.0.9
All affected versions: 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.6, 0.0.7, 0.0.8, 1.0.0, 2.0.0, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.9, 3.0.10, 3.0.11, 3.0.12, 3.0.13, 3.0.14, 3.0.15, 3.0.16, 3.0.17, 3.0.18, 3.0.19, 3.0.20, 3.0.21, 3.0.22, 3.0.23, 3.0.24, 3.0.25, 3.0.26, 4.0.0, 4.1.0, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.4.8, 4.5.4, 4.8.1, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8
All unaffected versions: 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15