CVE-2018-0571 — Unrestricted File Upload in Basercms

CWE-434 — Unrestricted File Upload3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 62.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Baserproject Basercms Basercms Basercms Users Community Basercms

Timeline

PublishedJun 26

Latest updateMay 14

Description

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶Packagistbaserproject/basercms4.0.0 — 4.1.1+1

▶NVDbasercms/basercms3.0.0 — 3.0.15+1

▶CVEListV5basercms_users_community/basercms(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)

🔴Vulnerability Details

GHSA

baserCMS arbitrary file upload vulnerability↗2022-05-14

▶

OSV

baserCMS arbitrary file upload vulnerability↗2022-05-14

▶