CVE-2011-2674

EPSS 0.19%

BaserCMS privilege escallation

Published: 5/13/2022Modified: 1/15/2024

Description

BaserCMS before 1.6.12 does not properly restrict additions to the membership of the operators group, which allows remote authenticated users to gain privileges via unspecified vectors.

Affected packages (1)

Packagist/baserproject/basercmsfrom 0, < 1.6.12

References (5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2011-2674
PATCHhttps://github.com/baserproject/basercms
WEBhttp://basercms.net/patch/JVN09789751
WEBhttp://jvndb.jvn.jp/jvndb/JVNDB-2011-000066
WEBhttp://jvn.jp/en/jp/JVN16617002/index.html