baserCMS version 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to delete arbitrary files via unspecified vectors when the "File" field is being used in the mail form.
{
"cpe": "cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "3.0.0"
},
{
"last_affected": "3.0.14"
},
{
"introduced": "4.0.0"
},
{
"last_affected": "4.0.5"
}
],
"source": "CPE_RANGE"
}