Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS12cm02LWM4NzgtZnBxNs4AA2uY
baserCMS Code Injection Vulnerability in Mail Form Feature
There is a Code Injection Vulnerability in Mail Form to baserCMS.
Target
baserCMS 4.7.6 and earlier versions
Vulnerability
Malicious code may be executed in Mail Form Feature.
Countermeasures
Update to the latest version of baserCMS
Please refer to the following page to reference for more information.
https://basercms.net/security/JVN_45547161
Credits
Shiga Takuma@BroadBand Security, Inc
Permalink: https://github.com/advisories/GHSA-vrm6-c878-fpq6JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12cm02LWM4NzgtZnBxNs4AA2uY
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 6 months ago
Updated: 6 months ago
CVSS Score: 5.3
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Identifiers: GHSA-vrm6-c878-fpq6, CVE-2023-43792
References:
- https://github.com/baserproject/basercms/security/advisories/GHSA-vrm6-c878-fpq6
- https://basercms.net/security/JVN_45547161
- https://nvd.nist.gov/vuln/detail/CVE-2023-43792
- https://github.com/advisories/GHSA-vrm6-c878-fpq6
Blast Radius: 3.2
Affected Packages
packagist:baserproject/basercms
Dependent packages: 0Dependent repositories: 4
Downloads: 38 total
Affected Version Ranges: >= 4.6.0, <= 4.7.6
No known fixed version
All affected versions: