CVE-2023-25654
CRITICAL 9.8 | EPSS 2.1%
baserCMS File Uploader Remote Code Execution (RCE) vulnerability
Published: 2023/3/23 | Modified: 2023/11/8
Description
### Impact
There is a Remote Code Execution (RCE) vulnerability in the management system of baserCMS.

### Target
baserCMS 4.7.3 and earlier versions

### Patches
Update to the latest version of baserCMS

### Credits
島峰泰平@三井物産セキュアディレクション株式会社
Affected packages (1)
- Packagist/baserproject/basercms: from 0, < 4.7.5
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References (7)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2023-25654
- PATCH: https://github.com/baserproject/basercms
- WEB: https://github.com/baserproject/basercms/commit/002886be0998c74c386e04f0b43688a8a45d7a96
- WEB: https://github.com/baserproject/basercms/commit/08247f0a633d8e836ce2e5cd2d53aa19901a1359
- WEB: https://github.com/baserproject/basercms/commit/60f83054d8131b0ace60716cec7e629b5eb3a8f0
- WEB: https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5
- WEB: https://github.com/baserproject/basercms/security/advisories/GHSA-h4cc-fxpp-pgw9