CVE-2017-10843
Published 2017-08-29
CVE-2017-10843: baserCMS version 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to delete arbitrary files via unspecified vectors when the "File" field is being…
Priority: P3 · 42 · high · 7.5 (CVSS 3.0)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:H / A:N
EPSS: 1.42% (69.5th percentile)
baserCMS version 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to delete arbitrary files via unspecified vectors when the "File" field is being used in the mail form.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| basercms | basercms | 3.0.0 – 3.0.14 | — |
| basercms | basercms | 4.0.0 – 4.0.5 | — |
| basercms_users_community | basercms | — | — |
| basercms_users_community | basercms | — | — |
| baserproject | basercms | >= 0 < 3.0.15 | 3.0.15 |
| baserproject | basercms | >= 4.0.0 < 4.0.6 | 4.0.6 |
CVSS provenance
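| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:P |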
OSV
Arbitrary file delete in baserCMS
osv · 2022-05-13
CVE-2017-10843 [HIGH] Arbitrary file delete in baserCMS
GHSA
Arbitrary file delete in baserCMS
ghsa · 2022-05-13
CVE-2017-10843 [HIGH] Arbitrary file delete in baserCMS
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2017-08-29