| purl | pkg:composer/baserproject/basercms@3.0.13 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-1q79-sxzp-zker. Aliases: CVE-2021-20682, GHSA-g39q-f4rm-85x4 | OS Command Injection: baserCMS allows a remote attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors. | Affected by 0 other vulnerabilities. |
| VCID-2u6y-aj6t-7fb1. Aliases: CVE-2018-0573, GHSA-33fq-qm4m-cjw3 | Improper Privilege Management: baserCMS allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors. | Affected by 8 other vulnerabilities. Affected by 11 other vulnerabilities. |
| VCID-6trr-5deb-yydm. Aliases: CVE-2018-0571, GHSA-3mcp-6rv6-c69g | Unrestricted Upload of File with Dangerous Type: baserCMS allows remote attackers with a site operator privilege to upload arbitrary files. | Affected by 8 other vulnerabilities. Affected by 11 other vulnerabilities. |
| VCID-9mf7-56fh-fyfk. Aliases: CVE-2018-18943, GHSA-fx2m-5m9v-jhgp | Cross-site Scripting: An issue was discovered in baserCMS. In the Register New Category feature of the Upload menu, the category name can be used for XSS via the `data[UploaderCategory][name]` parameter to an `admin/uploader/uploader_categories/edit` URI. | Affected by 9 other vulnerabilities. |
| VCID-d5gk-q2hh-kba5. Aliases: CVE-2020-15154, GHSA-cpxc-67rc-c775 | Cross-site Scripting: baserCMS `content_info.php`, `content_options.php`, `content_related.php`, `index_list_tree.php`, `jquery.bcTree.js`. | Affected by 6 other vulnerabilities. |
| VCID-e4xa-jm9u-nked. Aliases: CVE-2018-0569, GHSA-6j3p-vrph-j7qq | OS Command Injection: baserCMS allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors. | Affected by 8 other vulnerabilities. Affected by 11 other vulnerabilities. |
| VCID-eq7f-n3g5-s3hu. Aliases: CVE-2021-20681, GHSA-24p5-x9f9-vvpx | Cross-site Scripting: Improper neutralization of JavaScript input in the page editing function of baserCMS allows remote authenticated attackers to inject an arbitrary script via unspecified vectors. | Affected by 0 other vulnerabilities. |
| VCID-ffq1-r9ck-1bhp. Aliases: CVE-2017-10842, GHSA-jc94-wp59-pq4f | SQL Injection: Baser CMS contains a SQL injection vulnerability. | Affected by 15 other vulnerabilities. Affected by 18 other vulnerabilities. Affected by 18 other vulnerabilities. |
| VCID-ga9u-uv9b-tydr. Aliases: CVE-2018-0570, GHSA-994g-74gq-5qpr | Cross-site Scripting: Cross-site scripting vulnerability in baserCMS allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | Affected by 8 other vulnerabilities. Affected by 11 other vulnerabilities. |
| VCID-gsg3-fdmu-vqag. Aliases: CVE-2018-18942, GHSA-rjc2-x53r-6c9r | Improper Input Validation: baserCMS allows remote attackers to execute arbitrary PHP code via the `admin/theme_configs/form`. | Affected by 9 other vulnerabilities. |
| VCID-guvm-x5jc-mfgc. Aliases: CVE-2017-10843, GHSA-x73x-7gmx-w835 | Path Traversal: baserCMS allows remote attackers to delete arbitrary files via unspecified vectors when the "File" field is being used in the mail form. | Affected by 15 other vulnerabilities. Affected by 18 other vulnerabilities. Affected by 18 other vulnerabilities. |
| VCID-p6nr-eu91-53b4. Aliases: CVE-2020-15159, GHSA-673x-f5wx-fxpw | Cross-site Scripting: baserCMS is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). This may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The affected components are `ThemeFilesController.php` and `UploaderFilesController.php`. | Affected by 6 other vulnerabilities. |
| VCID-r4jc-22rq-d3cb. Aliases: CVE-2018-0575, GHSA-w935-p7mg-xc96 | Information Exposure: baserCMS allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors. | Affected by 8 other vulnerabilities. Affected by 11 other vulnerabilities. |
| VCID-vqx2-hzju-r7et. Aliases: CVE-2020-15155, GHSA-4r3m-j6x5-48m3 | Cross-site Scripting: baserCMS is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected component is `toolbar.php`. | Affected by 6 other vulnerabilities. |
| VCID-xpsb-2yux-g3cf. Aliases: CVE-2021-20683, GHSA-v9w8-hq92-v39m | Cross-site Scripting: Improper neutralization of JavaScript input in the blog article editing function of baserCMS allows remote authenticated attackers to inject an arbitrary script via unspecified vectors. | Affected by 0 other vulnerabilities. |
| VCID-y9f3-k7xk-rucf. Aliases: CVE-2017-10844, GHSA-69gw-v5ph-6vxq | Code Injection: baserCMS allows an attacker to execute arbitrary PHP code on the server via unspecified vectors. | Affected by 15 other vulnerabilities. Affected by 18 other vulnerabilities. Affected by 18 other vulnerabilities. |
| VCID-yesf-qxgy-3ygx. Aliases: CVE-2018-0572, GHSA-mjj9-33j8-pfwh | Improper Access Control: baserCMS allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via unspecified vectors. | Affected by 8 other vulnerabilities. Affected by 11 other vulnerabilities. |
| VCID-zy68-bur9-1fck. Aliases: CVE-2018-0574, GHSA-6qjv-43mf-rgrh | Cross-site Scripting: Cross-site scripting vulnerability in baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Affected by 8 other vulnerabilities. Affected by 11 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |