CVE-2020-15277 — Unrestricted File Upload in Basercms

CWE-434 — Unrestricted File Upload CWE-74 — Injection3 documents3 sources

Severity

7.2HIGHNVD

EPSS

3.2%

top 12.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Basercms Baserproject Basercms

Timeline

PublishedOct 30

Description

baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE). Code may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The Edit template component is vulnerable. The issue is fixed in version 4.4.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages3 packages

▶NVDbasercms/basercms4.0.0 — 4.4.1

▶Packagistbaserproject/basercms4.4.0 — 4.4.1

▶CVEListV5baserproject/basercms>= 4.0.0, < 4.4.1

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0↗2020-10-30

▶

OSV

Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0↗2020-10-30

▶