CVE-2018-18942

描述

In baserCMS before 4.1.4, `lib\Baser\Model\ThemeConfig.php` allows remote attackers to execute arbitrary PHP code via the `admin/theme_configs/form data[ThemeConfig][logo]` parameter.

受影響套件(1)

• Packagist/baserproject/basercmsfrom 0, < 4.1.4

CVSS 分數

參考連結(4)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-18942
• WEBhttps://github.com/baserproject/basercms/issues/959
• WEBhttps://web.archive.org/web/20200130073341/https://basercms.net/release/4_1_4
• WEBhttps://web.archive.org/web/20211209034642/http://sunu11.com/2018/10/31/baserCMS