Baserproject Basercms vulnerabilities

CVE-2023-29009 [MEDIUM] CWE-79 CVE-2023-29009: baserCMS is a website development framework with WebAPI that runs on PHP8 and CakePHP4. There is a X baserCMS is a website development framework with WebAPI that runs on PHP8 and CakePHP4. There is a XSS Vulnerability in Favorites Feature to baserCMS. This issue has been patched in version 4.8.0.

CVE-2023-25655 [CRITICAL] CWE-434 CVE-2023-25655: baserCMS is a Content Management system. Prior to version 4.7.5, any file may be uploaded on the man baserCMS is a Content Management system. Prior to version 4.7.5, any file may be uploaded on the management system of baserCMS. Version 4.7.5 contains a patch.

CVE-2023-25654 [CRITICAL] CWE-434 CVE-2023-25654: baserCMS is a Content Management system. Prior to version 4.7.5, there is a Remote Code Execution (R baserCMS is a Content Management system. Prior to version 4.7.5, there is a Remote Code Execution (RCE) Vulnerability in the management system of baserCMS. Version 4.7.5 contains a patch.

CVE-2022-41994 [MEDIUM] CWE-79 baserCMS vulnerable to stored Cross-site Scripting baserCMS vulnerable to stored Cross-site Scripting Stored cross-site scripting vulnerability in Permission Settings of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.

CVE-2022-42486 [MEDIUM] CWE-79 baserCMS vulnerable to stored Cross-site Scripting baserCMS vulnerable to stored Cross-site Scripting Stored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.

CVE-2022-39325 [MEDIUM] CWE-79 CVE-2022-39325: BaserCMS is a content management system with a japanese language focus. In affected versions there i BaserCMS is a content management system with a japanese language focus. In affected versions there is a cross-site scripting vulnerability on the management system of baserCMS. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. Users of baserCMS are advised to upgrade as soon as po

CVE-2016-4878 [HIGH] CWE-352 baserCMS Cross Site Request Forgery vulnerability baserCMS Cross Site Request Forgery vulnerability Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

CVE-2016-4881 [HIGH] CWE-352 CSRF in baserCMS 3.0.10 and earlier CSRF in baserCMS 3.0.10 and earlier Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

CVE-2016-4880 [MEDIUM] CWE-79 baserCMS Cross-site Scripting vulnerability baserCMS Cross-site Scripting vulnerability Cross-site scripting vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2017-10842 [CRITICAL] CWE-89 baserCMS SQL Injection vulnerability baserCMS SQL Injection vulnerability SQL injection vulnerability in the baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2018-0569 [HIGH] CWE-78 OS Command Injection in baserCMS OS Command Injection in baserCMS baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors.

CVE-2017-10844 [HIGH] CWE-94 Code Injection in baserCMS Code Injection in baserCMS baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows an attacker to execute arbitrary PHP code on the server via unspecified vectors.

CVE-2018-18943 [MEDIUM] CWE-79 XSS in baserCMS before 4.1.4 XSS in baserCMS before 4.1.4 An issue was discovered in baserCMS before 4.1.4. In the Register New Category feature of the Upload menu, the category name can be used for XSS via the `data[UploaderCategory][name]` parameter to an `admin/uploader/uploader_categories/edit` URI.

CVE-2018-0570 [MEDIUM] CWE-79 XSS in baserCMS XSS in baserCMS Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2018-0574 [MEDIUM] CWE-79 XSS in baserCMS XSS in baserCMS Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2018-0575 [MEDIUM] CWE-200 Sensitive Data Exposure in baserCMS Sensitive Data Exposure in baserCMS baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors.

CVE-2018-0571 [MEDIUM] CWE-434 baserCMS arbitrary file upload vulnerability baserCMS arbitrary file upload vulnerability baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files.

CVE-2017-10843 [HIGH] Arbitrary file delete in baserCMS Arbitrary file delete in baserCMS baserCMS version 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to delete arbitrary files via unspecified vectors when the "File" field is being used in the mail form.

CVE-2018-0572 [HIGH] baserCMS vulnerable to Access Control Bypass baserCMS vulnerable to Access Control Bypass baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via unspecified vectors.

CVE-2016-4879 [HIGH] CWE-352 CSRF in baserCMS 3.0.10 and earlier CSRF in baserCMS 3.0.10 and earlier Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.