Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-u16w-rbuk-ybfs
Vulnerability ID VCID-u16w-rbuk-ybfs
Aliases CVE-2023-43648
GHSA-hmqj-gv2m-hq55
Summary baserCMS Directory Traversal vulnerability in Form submission data management Feature There is a Directory Traversal Vulnerability in Form submission data management Feature to baserCMS. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible. ### Target baserCMS 4.7.8 and earlier versions ### Vulnerability There is a possibility that information on the server may be obtained by a user who is logged in to the management screen. ### Countermeasures Update to the latest version of baserCMS Please refer to the following page to reference for more information. https://basercms.net/security/JVN_45547161 ### Credits Shiga Takuma@BroadBand Security, Inc
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00289 https://api.first.org/data/v1/epss?cve=CVE-2023-43648
cvssv3.1 4.9 https://basercms.net/security/JVN_81174674
cvssv3.1 4.9 https://basercms.net/security/JVN_81174674
generic_textual MODERATE https://basercms.net/security/JVN_81174674
ssvc Track https://basercms.net/security/JVN_81174674
cvssv3.1 4.9 https://github.com/baserproject/basercms
generic_textual MODERATE https://github.com/baserproject/basercms
cvssv3.1 4.9 https://github.com/baserproject/basercms/commit/7555a5cf0006755dc0223fffc2d882b50a97758b
cvssv3.1 4.9 https://github.com/baserproject/basercms/commit/7555a5cf0006755dc0223fffc2d882b50a97758b
generic_textual MODERATE https://github.com/baserproject/basercms/commit/7555a5cf0006755dc0223fffc2d882b50a97758b
ssvc Track https://github.com/baserproject/basercms/commit/7555a5cf0006755dc0223fffc2d882b50a97758b
cvssv3.1 4.9 https://github.com/baserproject/basercms/security/advisories/GHSA-hmqj-gv2m-hq55
cvssv3.1 4.9 https://github.com/baserproject/basercms/security/advisories/GHSA-hmqj-gv2m-hq55
generic_textual MODERATE https://github.com/baserproject/basercms/security/advisories/GHSA-hmqj-gv2m-hq55
ssvc Track https://github.com/baserproject/basercms/security/advisories/GHSA-hmqj-gv2m-hq55
cvssv3.1 4.9 https://nvd.nist.gov/vuln/detail/CVE-2023-43648
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2023-43648
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2023-43648
https://basercms.net/security/JVN_81174674
https://github.com/baserproject/basercms
https://github.com/baserproject/basercms/commit/7555a5cf0006755dc0223fffc2d882b50a97758b
https://nvd.nist.gov/vuln/detail/CVE-2023-43648
GHSA-hmqj-gv2m-hq55 https://github.com/advisories/GHSA-hmqj-gv2m-hq55
GHSA-hmqj-gv2m-hq55 https://github.com/baserproject/basercms/security/advisories/GHSA-hmqj-gv2m-hq55
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Found at https://basercms.net/security/JVN_81174674
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Found at https://basercms.net/security/JVN_81174674
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:22:00Z/ Found at https://basercms.net/security/JVN_81174674
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/baserproject/basercms
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/baserproject/basercms/commit/7555a5cf0006755dc0223fffc2d882b50a97758b
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/baserproject/basercms/commit/7555a5cf0006755dc0223fffc2d882b50a97758b
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:22:00Z/ Found at https://github.com/baserproject/basercms/commit/7555a5cf0006755dc0223fffc2d882b50a97758b
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/baserproject/basercms/security/advisories/GHSA-hmqj-gv2m-hq55
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/baserproject/basercms/security/advisories/GHSA-hmqj-gv2m-hq55
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:22:00Z/ Found at https://github.com/baserproject/basercms/security/advisories/GHSA-hmqj-gv2m-hq55
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-43648
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.52624
EPSS Score 0.00289
Published At June 5, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-02T04:46:13.390691+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/baserproject/basercms/CVE-2023-43648.yml 38.6.0