Search for packages
| purl | pkg:composer/baserproject/basercms@4.0.6 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1q79-sxzp-zker
Aliases: CVE-2021-20682 GHSA-g39q-f4rm-85x4 |
OS Command Injection baserCMS allows a remote attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors. |
Affected by 0 other vulnerabilities. |
|
VCID-2u6y-aj6t-7fb1
Aliases: CVE-2018-0573 GHSA-33fq-qm4m-cjw3 |
Improper Privilege Management baserCMS allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors. |
Affected by 11 other vulnerabilities. |
|
VCID-6trr-5deb-yydm
Aliases: CVE-2018-0571 GHSA-3mcp-6rv6-c69g |
Unrestricted Upload of File with Dangerous Type baserCMS allows remote attackers with a site operator privilege to upload arbitrary files. |
Affected by 11 other vulnerabilities. |
|
VCID-9mf7-56fh-fyfk
Aliases: CVE-2018-18943 GHSA-fx2m-5m9v-jhgp |
Cross-site Scripting An issue was discovered in baserCMS In the Register New Category feature of the Upload menu, the category name can be used for XSS via the `data[UploaderCategory][name]` parameter to an `admin/uploader/uploader_categories/edit` URI. |
Affected by 9 other vulnerabilities. |
|
VCID-d5gk-q2hh-kba5
Aliases: CVE-2020-15154 GHSA-cpxc-67rc-c775 |
Cross-site Scripting baserCMS `content_info.php`, `content_options.php`, `content_related.php`, `index_list_tree.php`, `jquery.bcTree.js`. |
Affected by 6 other vulnerabilities. |
|
VCID-e4xa-jm9u-nked
Aliases: CVE-2018-0569 GHSA-6j3p-vrph-j7qq |
OS Command Injection baserCMS allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors. |
Affected by 11 other vulnerabilities. |
|
VCID-eq7f-n3g5-s3hu
Aliases: CVE-2021-20681 GHSA-24p5-x9f9-vvpx |
Cross-site Scripting Improper neutralization of JavaScript input in the page editing function of baserCMS allows remote authenticated attackers to inject an arbitrary script via unspecified vectors. |
Affected by 0 other vulnerabilities. |
|
VCID-ga9u-uv9b-tydr
Aliases: CVE-2018-0570 GHSA-994g-74gq-5qpr |
Cross-site Scripting Cross-site scripting vulnerability in baserCMS allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. |
Affected by 11 other vulnerabilities. |
|
VCID-gsg3-fdmu-vqag
Aliases: CVE-2018-18942 GHSA-rjc2-x53r-6c9r |
Improper Input Validation baserCMS allows remote attackers to execute arbitrary PHP code via the `admin/theme_configs/form`. |
Affected by 9 other vulnerabilities. |
|
VCID-p6nr-eu91-53b4
Aliases: CVE-2020-15159 GHSA-673x-f5wx-fxpw |
Cross-site Scripting baserCMS is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). This may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The affected components are `ThemeFilesController.php` and `UploaderFilesController.php`. |
Affected by 6 other vulnerabilities. |
|
VCID-r4jc-22rq-d3cb
Aliases: CVE-2018-0575 GHSA-w935-p7mg-xc96 |
Information Exposure baserCMS allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors. |
Affected by 11 other vulnerabilities. |
|
VCID-twf5-bzba-gqb4
Aliases: CVE-2020-15273 GHSA-wpww-4jf4-4hx8 |
Cross-site Scripting baserCMS is vulnerable to Cross-Site Scripting. The issue affects the following components; Edit feed settings, Edit widget area, Sub site new registration, and New category registration. Arbitrary JavaScript may be executed by entering specific characters in the account that can access the file upload function category list, sub-site setting list, widget area edit, and feed list on the management screen. |
Affected by 3 other vulnerabilities. |
|
VCID-vqx2-hzju-r7et
Aliases: CVE-2020-15155 GHSA-4r3m-j6x5-48m3 |
Cross-site Scripting baserCMS is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components is `toolbar.php`. |
Affected by 6 other vulnerabilities. |
|
VCID-wvnk-63hy-ykeq
Aliases: CVE-2020-15276 GHSA-fw5q-j9p4-3vxg |
Cross-site Scripting baserCMS is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a specially crafted nickname in the blog comments. The issue affects the blog comment component. |
Affected by 3 other vulnerabilities. |
|
VCID-xpsb-2yux-g3cf
Aliases: CVE-2021-20683 GHSA-v9w8-hq92-v39m |
Cross-site Scripting Improper neutralization of JavaScript input in the blog article editing function of baserCMS allows remote authenticated attackers to inject an arbitrary script via unspecified vectors. |
Affected by 0 other vulnerabilities. |
|
VCID-xxud-7jsh-bbc1
Aliases: CVE-2020-15277 GHSA-6fmv-q269-55cw |
Unrestricted Upload of File with Dangerous Type baserCMS Code may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The `Edit template` component was found to be vulnerable. |
Affected by 3 other vulnerabilities. |
|
VCID-yesf-qxgy-3ygx
Aliases: CVE-2018-0572 GHSA-mjj9-33j8-pfwh |
Improper Access Control baserCMS allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via unspecified vectors. |
Affected by 11 other vulnerabilities. |
|
VCID-zy68-bur9-1fck
Aliases: CVE-2018-0574 GHSA-6qjv-43mf-rgrh |
Cross-site Scripting Cross-site scripting vulnerability in baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
Affected by 11 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-ffq1-r9ck-1bhp | SQL Injection Baser CMS contains a SQL injection vulnerability. |
CVE-2017-10842
GHSA-jc94-wp59-pq4f |
| VCID-guvm-x5jc-mfgc | Path Traversal baserCMS allows remote attackers to delete arbitrary files via unspecified vectors when the "File" field is being used in the mail form. |
CVE-2017-10843
GHSA-x73x-7gmx-w835 |
| VCID-y9f3-k7xk-rucf | Code Injection baserCMS allows an attacker to execute arbitrary PHP code on the server via unspecified vectors. |
CVE-2017-10844
GHSA-69gw-v5ph-6vxq |