CVE-2023-25654
CRITICAL 9.8 | EPSS 2.1%
baserCMS File Uploader Remote Code Execution (RCE) vulnerability
Published: 3/23/2023 | Modified: 11/8/2023
Also known as: GHSA-h4cc-fxpp-pgw9
Description
### Impact
There is a Remote Code Execution (RCE) Vulnerability on the management system of baserCMS.

### Target
baserCMS 4.7.3 and earlier versions

### Patches
Update to the latest version of baserCMS

### Credits
島峰泰平@三井物産セキュアディレクション株式会社
Affected packages (1)
- Packagist/baserproject/basercms: from 0, < 4.7.5
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References (7)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2023-25654
- PATCH: https://github.com/baserproject/basercms
- WEB: https://github.com/baserproject/basercms/commit/002886be0998c74c386e04f0b43688a8a45d7a96
- WEB: https://github.com/baserproject/basercms/commit/08247f0a633d8e836ce2e5cd2d53aa19901a1359
- WEB: https://github.com/baserproject/basercms/commit/60f83054d8131b0ace60716cec7e629b5eb3a8f0
- WEB: https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5
- WEB: https://github.com/baserproject/basercms/security/advisories/GHSA-h4cc-fxpp-pgw9