CVE-2020-15277
Published 2020-10-30
Priority: P3 44
CVSS 3.1: 7.2 (high), vector AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.21% (80.4th percentile)
baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE). Code may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The Edit template component is vulnerable. The issue is fixed in version 4.4.1.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| basercms | basercms | >= 4.0.0 < 4.4.1 | 4.4.1 |
| baserproject | basercms | — | — |
| baserproject | basercms | >= 4.4.0 < 4.4.1 | 4.4.1 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
GHSA
ghsa · 2020-10-30
CVE-2020-15277 [HIGH] CWE-434 Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0

baserCMS 4.4.0 and earlier is affected by Remote Code Execution (RCE).
Impact: XSS via arbitrary script execution.
Attack vector: administrator must be logged in.
Components: Edit template.
Tested baserCMS version: 4.4.0 (latest)
Affected baserCMS versions: 4.0.0 ~ 4.4.0
Patches: https://basercms.net/security/20201029
Found by Aquilao Null
OSV
osv · 2020-10-30
CVE-2020-15277 [HIGH] Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0

Advisory text identical to the GHSA entry above.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
https://basercms.net/security/20201029
https://github.com/baserproject/basercms/commit/bb027c3967b0430adcff2d2fedbc23d39077563b
https://github.com/baserproject/basercms/security/advisories/GHSA-6fmv-q269-55cw