CVE-2017-10842 — SQL Injection in Basercms

CWE-89 — SQL Injection3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.7%

top 28.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Baserproject Basercms Basercms Basercms Users Community Basercms

Timeline

PublishedAug 29

Latest updateMay 14

Description

SQL injection vulnerability in the baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶Packagistbaserproject/basercms4.0.0 — 4.0.6+1

▶NVDbasercms/basercms3.0.0 — 3.0.14+1

▶CVEListV5basercms_users_community/basercms3.0.14 and earlier, 4.0.5 and earlier+1

Patches

Patch: basercms.net ↗Patch: basercms.net ↗

🔴Vulnerability Details

OSV

baserCMS SQL Injection vulnerability↗2022-05-14

▶

GHSA

baserCMS SQL Injection vulnerability↗2022-05-14

▶