CVE-2023-25654

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-25654
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25654.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-25654
Aliases
Published
2023-03-23T19:22:30.154Z
Modified
2025-12-12T14:35:40.661072Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
baserCMS File Uploader Remote Code Execution (RCE) vulnerability
Details

baserCMS is a Content Management system. Prior to version 4.7.5, there is a Remote Code Execution (RCE) Vulnerability in the management system of baserCMS. Version 4.7.5 contains a patch.

Database specific 
{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/25xxx/CVE-2023-25654.json",
    "cwe_ids": [
        "CWE-434"
    ]
}
References

Affected packages

Git / github.com/baserproject/basercms

Affected ranges

Type
GIT
Repo
https://github.com/baserproject/basercms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
002886be0998c74c386e04f0b43688a8a45d7a96
Fixed
08247f0a633d8e836ce2e5cd2d53aa19901a1359
Fixed
60f83054d8131b0ace60716cec7e629b5eb3a8f0

Affected versions

2.*

2.0.0
2.0.0-beta
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.5.1
2.1.0
2.1.1
2.1.2

3.*

3.0.0
3.0.1
3.0.10
3.0.11
3.0.11.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.5.1
3.0.6
3.0.6-beta
3.0.6.1
3.0.7
3.0.8
3.0.9

4.*

4.0.0
4.0.0-beta
4.0.1
4.0.10
4.0.10.1
4.0.11
4.0.2
4.0.2.1
4.0.3
4.0.4
4.0.5
4.0.5.1
4.0.5.2
4.0.6
4.0.7
4.0.8
4.0.9
4.1.0
4.1.0.1
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.1.7
4.1.8
4.2.0
4.2.1
4.2.2
4.2.3
4.2.4
4.2.5
4.3.0
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.3.6
4.3.7
4.3.7.1
4.4.0
4.4.1
4.4.1.1
4.4.2
4.4.2.1
4.4.3
4.4.4
4.4.5
4.4.6
4.4.7
4.4.8
4.5.0
4.5.1
4.5.2
4.5.3
4.5.4
4.5.5
4.5.6
4.6.0
4.6.1
4.6.1.1
4.6.2
4.6.3
4.7.0
4.7.2
4.7.3