CVE-2023-51450 — OS Command Injection in Basercms

CWE-78 — OS Command Injection3 documents3 sources

Severity

8.1HIGHNVD

EPSS

0.8%

top 26.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Baserproject Basercms Basercms

Timeline

PublishedFeb 22

Description

baserCMS is a website development framework. Prior to version 5.0.9, there is an OS Command Injection vulnerability in the site search feature of baserCMS. Version 5.0.9 contains a fix for this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages3 packages

▶NVDbasercms/basercms< 5.0.9

▶CVEListV5baserproject/basercms< 5.0.9

▶Packagistbaserproject/basercms< 5.0.9

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

baserCMS OS command injection vulnerability in Installer↗2024-02-22

▶

GHSA

baserCMS OS command injection vulnerability in Installer↗2024-02-22

▶