CVE-2018-0575
Published 2018-06-26
Priority: P428 | medium | 5.3 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 1.18% (63.8th percentile)
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| basercms | basercms | <= 4.1.0.1 | — |
| basercms | basercms | 3.0.0 – 3.0.15 | — |
| basercms_users_community | basercms | — | — |
| baserproject | basercms | 0 – 3.0.15 | — |
| baserproject | basercms | 4.0.0 – 4.1.0.1 | — |
CVSS provenance
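| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |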
GHSA
Sensitive Data Exposure in baserCMS
ghsa·2022-05-14
CVE-2018-0575 [MEDIUM] CWE-200 Sensitive Data Exposure in baserCMS
OSV
Sensitive Data Exposure in baserCMS
osv·2022-05-14
CVE-2018-0575 [MEDIUM] Sensitive Data Exposure in baserCMS
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2018-06-26