| 0 |
|
| 1 |
| url |
VCID-2u6y-aj6t-7fb1 |
| vulnerability_id |
VCID-2u6y-aj6t-7fb1 |
| summary |
Improper Privilege Management
baserCMS allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2018-0573, GHSA-33fq-qm4m-cjw3
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2u6y-aj6t-7fb1 |
|
| 2 |
|
| 3 |
| url |
VCID-9mf7-56fh-fyfk |
| vulnerability_id |
VCID-9mf7-56fh-fyfk |
| summary |
Cross-site Scripting
An issue was discovered in baserCMS In the Register New Category feature of the Upload menu, the category name can be used for XSS via the `data[UploaderCategory][name]` parameter to an `admin/uploader/uploader_categories/edit` URI. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2018-18943, GHSA-fx2m-5m9v-jhgp
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9mf7-56fh-fyfk |
|
| 4 |
|
| 5 |
|
| 6 |
| url |
VCID-eq7f-n3g5-s3hu |
| vulnerability_id |
VCID-eq7f-n3g5-s3hu |
| summary |
Cross-site Scripting
Improper neutralization of JavaScript input in the page editing function of baserCMS allows remote authenticated attackers to inject an arbitrary script via unspecified vectors. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2021-20681, GHSA-24p5-x9f9-vvpx
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-eq7f-n3g5-s3hu |
|
| 7 |
| url |
VCID-ffq1-r9ck-1bhp |
| vulnerability_id |
VCID-ffq1-r9ck-1bhp |
| summary |
SQL Injection
Baser CMS contains a SQL injection vulnerability. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/baserproject/basercms@4.0.5.1 |
| purl |
pkg:composer/baserproject/basercms@4.0.5.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1q79-sxzp-zker |
|
| 1 |
| vulnerability |
VCID-2u6y-aj6t-7fb1 |
|
| 2 |
| vulnerability |
VCID-6trr-5deb-yydm |
|
| 3 |
| vulnerability |
VCID-9mf7-56fh-fyfk |
|
| 4 |
| vulnerability |
VCID-d5gk-q2hh-kba5 |
|
| 5 |
| vulnerability |
VCID-e4xa-jm9u-nked |
|
| 6 |
| vulnerability |
VCID-eq7f-n3g5-s3hu |
|
| 7 |
| vulnerability |
VCID-ga9u-uv9b-tydr |
|
| 8 |
| vulnerability |
VCID-gsg3-fdmu-vqag |
|
| 9 |
| vulnerability |
VCID-p6nr-eu91-53b4 |
|
| 10 |
| vulnerability |
VCID-r4jc-22rq-d3cb |
|
| 11 |
| vulnerability |
VCID-twf5-bzba-gqb4 |
|
| 12 |
| vulnerability |
VCID-vqx2-hzju-r7et |
|
| 13 |
| vulnerability |
VCID-wvnk-63hy-ykeq |
|
| 14 |
| vulnerability |
VCID-xpsb-2yux-g3cf |
|
| 15 |
| vulnerability |
VCID-xxud-7jsh-bbc1 |
|
| 16 |
| vulnerability |
VCID-yesf-qxgy-3ygx |
|
| 17 |
| vulnerability |
VCID-zy68-bur9-1fck |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.0.5.1 |
|
| 2 |
| url |
pkg:composer/baserproject/basercms@4.0.6 |
| purl |
pkg:composer/baserproject/basercms@4.0.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1q79-sxzp-zker |
|
| 1 |
| vulnerability |
VCID-2u6y-aj6t-7fb1 |
|
| 2 |
| vulnerability |
VCID-6trr-5deb-yydm |
|
| 3 |
| vulnerability |
VCID-9mf7-56fh-fyfk |
|
| 4 |
| vulnerability |
VCID-d5gk-q2hh-kba5 |
|
| 5 |
| vulnerability |
VCID-e4xa-jm9u-nked |
|
| 6 |
| vulnerability |
VCID-eq7f-n3g5-s3hu |
|
| 7 |
| vulnerability |
VCID-ga9u-uv9b-tydr |
|
| 8 |
| vulnerability |
VCID-gsg3-fdmu-vqag |
|
| 9 |
| vulnerability |
VCID-p6nr-eu91-53b4 |
|
| 10 |
| vulnerability |
VCID-r4jc-22rq-d3cb |
|
| 11 |
| vulnerability |
VCID-twf5-bzba-gqb4 |
|
| 12 |
| vulnerability |
VCID-vqx2-hzju-r7et |
|
| 13 |
| vulnerability |
VCID-wvnk-63hy-ykeq |
|
| 14 |
| vulnerability |
VCID-xpsb-2yux-g3cf |
|
| 15 |
| vulnerability |
VCID-xxud-7jsh-bbc1 |
|
| 16 |
| vulnerability |
VCID-yesf-qxgy-3ygx |
|
| 17 |
| vulnerability |
VCID-zy68-bur9-1fck |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.0.6 |
|
|
| aliases |
CVE-2017-10842, GHSA-jc94-wp59-pq4f
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ffq1-r9ck-1bhp |
|
| 8 |
| url |
VCID-ga9u-uv9b-tydr |
| vulnerability_id |
VCID-ga9u-uv9b-tydr |
| summary |
Cross-site Scripting
Cross-site scripting vulnerability in baserCMS allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2018-0570, GHSA-994g-74gq-5qpr
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ga9u-uv9b-tydr |
|
| 9 |
|
| 10 |
| url |
VCID-guvm-x5jc-mfgc |
| vulnerability_id |
VCID-guvm-x5jc-mfgc |
| summary |
Path Traversal
baserCMS allows remote attackers to delete arbitrary files via unspecified vectors when the "File" field is being used in the mail form. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/baserproject/basercms@4.0.5.1 |
| purl |
pkg:composer/baserproject/basercms@4.0.5.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1q79-sxzp-zker |
|
| 1 |
| vulnerability |
VCID-2u6y-aj6t-7fb1 |
|
| 2 |
| vulnerability |
VCID-6trr-5deb-yydm |
|
| 3 |
| vulnerability |
VCID-9mf7-56fh-fyfk |
|
| 4 |
| vulnerability |
VCID-d5gk-q2hh-kba5 |
|
| 5 |
| vulnerability |
VCID-e4xa-jm9u-nked |
|
| 6 |
| vulnerability |
VCID-eq7f-n3g5-s3hu |
|
| 7 |
| vulnerability |
VCID-ga9u-uv9b-tydr |
|
| 8 |
| vulnerability |
VCID-gsg3-fdmu-vqag |
|
| 9 |
| vulnerability |
VCID-p6nr-eu91-53b4 |
|
| 10 |
| vulnerability |
VCID-r4jc-22rq-d3cb |
|
| 11 |
| vulnerability |
VCID-twf5-bzba-gqb4 |
|
| 12 |
| vulnerability |
VCID-vqx2-hzju-r7et |
|
| 13 |
| vulnerability |
VCID-wvnk-63hy-ykeq |
|
| 14 |
| vulnerability |
VCID-xpsb-2yux-g3cf |
|
| 15 |
| vulnerability |
VCID-xxud-7jsh-bbc1 |
|
| 16 |
| vulnerability |
VCID-yesf-qxgy-3ygx |
|
| 17 |
| vulnerability |
VCID-zy68-bur9-1fck |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.0.5.1 |
|
| 2 |
| url |
pkg:composer/baserproject/basercms@4.0.6 |
| purl |
pkg:composer/baserproject/basercms@4.0.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1q79-sxzp-zker |
|
| 1 |
| vulnerability |
VCID-2u6y-aj6t-7fb1 |
|
| 2 |
| vulnerability |
VCID-6trr-5deb-yydm |
|
| 3 |
| vulnerability |
VCID-9mf7-56fh-fyfk |
|
| 4 |
| vulnerability |
VCID-d5gk-q2hh-kba5 |
|
| 5 |
| vulnerability |
VCID-e4xa-jm9u-nked |
|
| 6 |
| vulnerability |
VCID-eq7f-n3g5-s3hu |
|
| 7 |
| vulnerability |
VCID-ga9u-uv9b-tydr |
|
| 8 |
| vulnerability |
VCID-gsg3-fdmu-vqag |
|
| 9 |
| vulnerability |
VCID-p6nr-eu91-53b4 |
|
| 10 |
| vulnerability |
VCID-r4jc-22rq-d3cb |
|
| 11 |
| vulnerability |
VCID-twf5-bzba-gqb4 |
|
| 12 |
| vulnerability |
VCID-vqx2-hzju-r7et |
|
| 13 |
| vulnerability |
VCID-wvnk-63hy-ykeq |
|
| 14 |
| vulnerability |
VCID-xpsb-2yux-g3cf |
|
| 15 |
| vulnerability |
VCID-xxud-7jsh-bbc1 |
|
| 16 |
| vulnerability |
VCID-yesf-qxgy-3ygx |
|
| 17 |
| vulnerability |
VCID-zy68-bur9-1fck |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.0.6 |
|
|
| aliases |
CVE-2017-10843, GHSA-x73x-7gmx-w835
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-guvm-x5jc-mfgc |
|
| 11 |
| url |
VCID-p6nr-eu91-53b4 |
| vulnerability_id |
VCID-p6nr-eu91-53b4 |
| summary |
Cross-site Scripting
baserCMS is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). This may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The affected components are `ThemeFilesController.php` and `UploaderFilesController.php`. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2020-15159, GHSA-673x-f5wx-fxpw
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p6nr-eu91-53b4 |
|
| 12 |
| url |
VCID-r4jc-22rq-d3cb |
| vulnerability_id |
VCID-r4jc-22rq-d3cb |
| summary |
Information Exposure
baserCMS allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2018-0575, GHSA-w935-p7mg-xc96
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-r4jc-22rq-d3cb |
|
| 13 |
| url |
VCID-vqx2-hzju-r7et |
| vulnerability_id |
VCID-vqx2-hzju-r7et |
| summary |
Cross-site Scripting
baserCMS is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components is `toolbar.php`. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2020-15155, GHSA-4r3m-j6x5-48m3
|
| risk_score |
3.3 |
| exploitability |
0.5 |
| weighted_severity |
6.6 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vqx2-hzju-r7et |
|
| 14 |
| url |
VCID-xpsb-2yux-g3cf |
| vulnerability_id |
VCID-xpsb-2yux-g3cf |
| summary |
Cross-site Scripting
Improper neutralization of JavaScript input in the blog article editing function of baserCMS allows remote authenticated attackers to inject an arbitrary script via unspecified vectors. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2021-20683, GHSA-v9w8-hq92-v39m
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xpsb-2yux-g3cf |
|
| 15 |
| url |
VCID-y9f3-k7xk-rucf |
| vulnerability_id |
VCID-y9f3-k7xk-rucf |
| summary |
Code Injection
baserCMS allows an attacker to execute arbitrary PHP code on the server via unspecified vectors. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/baserproject/basercms@4.0.5.1 |
| purl |
pkg:composer/baserproject/basercms@4.0.5.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1q79-sxzp-zker |
|
| 1 |
| vulnerability |
VCID-2u6y-aj6t-7fb1 |
|
| 2 |
| vulnerability |
VCID-6trr-5deb-yydm |
|
| 3 |
| vulnerability |
VCID-9mf7-56fh-fyfk |
|
| 4 |
| vulnerability |
VCID-d5gk-q2hh-kba5 |
|
| 5 |
| vulnerability |
VCID-e4xa-jm9u-nked |
|
| 6 |
| vulnerability |
VCID-eq7f-n3g5-s3hu |
|
| 7 |
| vulnerability |
VCID-ga9u-uv9b-tydr |
|
| 8 |
| vulnerability |
VCID-gsg3-fdmu-vqag |
|
| 9 |
| vulnerability |
VCID-p6nr-eu91-53b4 |
|
| 10 |
| vulnerability |
VCID-r4jc-22rq-d3cb |
|
| 11 |
| vulnerability |
VCID-twf5-bzba-gqb4 |
|
| 12 |
| vulnerability |
VCID-vqx2-hzju-r7et |
|
| 13 |
| vulnerability |
VCID-wvnk-63hy-ykeq |
|
| 14 |
| vulnerability |
VCID-xpsb-2yux-g3cf |
|
| 15 |
| vulnerability |
VCID-xxud-7jsh-bbc1 |
|
| 16 |
| vulnerability |
VCID-yesf-qxgy-3ygx |
|
| 17 |
| vulnerability |
VCID-zy68-bur9-1fck |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.0.5.1 |
|
| 2 |
| url |
pkg:composer/baserproject/basercms@4.0.6 |
| purl |
pkg:composer/baserproject/basercms@4.0.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1q79-sxzp-zker |
|
| 1 |
| vulnerability |
VCID-2u6y-aj6t-7fb1 |
|
| 2 |
| vulnerability |
VCID-6trr-5deb-yydm |
|
| 3 |
| vulnerability |
VCID-9mf7-56fh-fyfk |
|
| 4 |
| vulnerability |
VCID-d5gk-q2hh-kba5 |
|
| 5 |
| vulnerability |
VCID-e4xa-jm9u-nked |
|
| 6 |
| vulnerability |
VCID-eq7f-n3g5-s3hu |
|
| 7 |
| vulnerability |
VCID-ga9u-uv9b-tydr |
|
| 8 |
| vulnerability |
VCID-gsg3-fdmu-vqag |
|
| 9 |
| vulnerability |
VCID-p6nr-eu91-53b4 |
|
| 10 |
| vulnerability |
VCID-r4jc-22rq-d3cb |
|
| 11 |
| vulnerability |
VCID-twf5-bzba-gqb4 |
|
| 12 |
| vulnerability |
VCID-vqx2-hzju-r7et |
|
| 13 |
| vulnerability |
VCID-wvnk-63hy-ykeq |
|
| 14 |
| vulnerability |
VCID-xpsb-2yux-g3cf |
|
| 15 |
| vulnerability |
VCID-xxud-7jsh-bbc1 |
|
| 16 |
| vulnerability |
VCID-yesf-qxgy-3ygx |
|
| 17 |
| vulnerability |
VCID-zy68-bur9-1fck |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.0.6 |
|
|
| aliases |
CVE-2017-10844, GHSA-69gw-v5ph-6vxq
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-y9f3-k7xk-rucf |
|
| 16 |
| url |
VCID-yesf-qxgy-3ygx |
| vulnerability_id |
VCID-yesf-qxgy-3ygx |
| summary |
Improper Access Control
baserCMS allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via unspecified vectors. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2018-0572, GHSA-mjj9-33j8-pfwh
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yesf-qxgy-3ygx |
|
| 17 |
|