CVE-2023-43648 — Path Traversal in Basercms

CWE-22 — Path Traversal3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 50.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Baserproject Basercms Basercms

Timeline

Latest updateOct 26

PublishedOct 30

Description

baserCMS is a website development framework. Prior to version 4.8.0, there is a Directory Traversal Vulnerability in the form submission data management feature of baserCMS. Version 4.8.0 contains a patch for this issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDbasercms/basercms< 4.8.0

▶CVEListV5baserproject/basercms< 4.8.0

▶Packagistbaserproject/basercms< 4.8.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

baserCMS Directory Traversal vulnerability in Form submission data management Feature↗2023-10-26

▶

GHSA

baserCMS Directory Traversal vulnerability in Form submission data management Feature↗2023-10-26

▶