CVE-2011-2674

EPSS 0.19%

BaserCMS privilege escallation

發布日:2022/5/13修改日:2024/1/15

描述

BaserCMS before 1.6.12 does not properly restrict additions to the membership of the operators group, which allows remote authenticated users to gain privileges via unspecified vectors.

受影響套件(1)

Packagist/baserproject/basercmsfrom 0, < 1.6.12

參考連結(5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2011-2674
PATCHhttps://github.com/baserproject/basercms
WEBhttp://basercms.net/patch/JVN09789751
WEBhttp://jvndb.jvn.jp/jvndb/JVNDB-2011-000066
WEBhttp://jvn.jp/en/jp/JVN16617002/index.html