Search for packages
| purl | pkg:composer/baserproject/basercms@3.0.0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2u6y-aj6t-7fb1
Aliases: CVE-2018-0573 GHSA-33fq-qm4m-cjw3 |
Improper Privilege Management baserCMS allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors. |
Affected by 27 other vulnerabilities. Affected by 30 other vulnerabilities. |
|
VCID-6trr-5deb-yydm
Aliases: CVE-2018-0571 GHSA-3mcp-6rv6-c69g |
Unrestricted Upload of File with Dangerous Type baserCMS allows remote attackers with a site operator privilege to upload arbitrary files. |
Affected by 27 other vulnerabilities. Affected by 30 other vulnerabilities. |
|
VCID-e4xa-jm9u-nked
Aliases: CVE-2018-0569 GHSA-6j3p-vrph-j7qq |
OS Command Injection baserCMS allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors. |
Affected by 27 other vulnerabilities. Affected by 30 other vulnerabilities. |
|
VCID-ffq1-r9ck-1bhp
Aliases: CVE-2017-10842 GHSA-jc94-wp59-pq4f |
SQL Injection Baser CMS contains a SQL injection vulnerability. |
Affected by 34 other vulnerabilities. Affected by 37 other vulnerabilities. Affected by 37 other vulnerabilities. |
|
VCID-ga9u-uv9b-tydr
Aliases: CVE-2018-0570 GHSA-994g-74gq-5qpr |
Cross-site Scripting Cross-site scripting vulnerability in baserCMS allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. |
Affected by 27 other vulnerabilities. Affected by 30 other vulnerabilities. |
|
VCID-guvm-x5jc-mfgc
Aliases: CVE-2017-10843 GHSA-x73x-7gmx-w835 |
Path Traversal baserCMS allows remote attackers to delete arbitrary files via unspecified vectors when the "File" field is being used in the mail form. |
Affected by 34 other vulnerabilities. Affected by 37 other vulnerabilities. Affected by 37 other vulnerabilities. |
|
VCID-r4jc-22rq-d3cb
Aliases: CVE-2018-0575 GHSA-w935-p7mg-xc96 |
Information Exposure baserCMS allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors. |
Affected by 27 other vulnerabilities. Affected by 30 other vulnerabilities. |
|
VCID-y9f3-k7xk-rucf
Aliases: CVE-2017-10844 GHSA-69gw-v5ph-6vxq |
Code Injection baserCMS allows an attacker to execute arbitrary PHP code on the server via unspecified vectors. |
Affected by 34 other vulnerabilities. Affected by 37 other vulnerabilities. Affected by 37 other vulnerabilities. |
|
VCID-yesf-qxgy-3ygx
Aliases: CVE-2018-0572 GHSA-mjj9-33j8-pfwh |
Improper Access Control baserCMS allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via unspecified vectors. |
Affected by 27 other vulnerabilities. Affected by 30 other vulnerabilities. |
|
VCID-zy68-bur9-1fck
Aliases: CVE-2018-0574 GHSA-6qjv-43mf-rgrh |
Cross-site Scripting Cross-site scripting vulnerability in baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
Affected by 27 other vulnerabilities. Affected by 30 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||