CVE-2018-18942

HIGH7.2EPSS 0.93%

RCE in baserCMS before 4.1.4

Published: 5/13/2022Modified: 2/16/2024

Description

In baserCMS before 4.1.4, `lib\Baser\Model\ThemeConfig.php` allows remote attackers to execute arbitrary PHP code via the `admin/theme_configs/form data[ThemeConfig][logo]` parameter.

Affected packages (1)

Packagist/baserproject/basercmsfrom 0, < 4.1.4

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.2	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-18942
WEBhttps://github.com/baserproject/basercms/issues/959
WEBhttps://web.archive.org/web/20200130073341/https://basercms.net/release/4_1_4
WEBhttps://web.archive.org/web/20211209034642/http://sunu11.com/2018/10/31/baserCMS