CVE-2023-25655
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-25655
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25655.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-25655
- Aliases
- Published
- 2023-03-23T19:23:58Z
- Modified
- 2025-10-15T02:18:24.640979Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- baserCMS allows any file to be uploaded
- Details
-
baserCMS is a Content Management system. Prior to version 4.7.5, any file may be uploaded on the management system of baserCMS. Version 4.7.5 contains a patch.
- References
-
- https://github.com/baserproject/basercms/security/advisories/GHSA-mfvg-qwcw-qvc8
- https://github.com/baserproject/basercms/commit/922025a98b0e697ab78f6a785a004e0729aa9100
- https://github.com/baserproject/basercms/commit/9297629983ed908c7f51bf61a0231dde91404ebd
- https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5
Affected packages
Git / github.com/baserproject/basercms
Affected ranges
- Type
- GIT
- Repo
- https://github.com/baserproject/basercms
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
2.*
2.0.0
2.0.0-beta
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.5.1
2.1.0
2.1.1
2.1.2
3.*
3.0.0
3.0.1
3.0.10
3.0.11
3.0.11.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.5.1
3.0.6
3.0.6-beta
3.0.6.1
3.0.7
3.0.8
3.0.9
4.*
4.0.0
4.0.0-beta
4.0.1
4.0.10
4.0.10.1
4.0.11
4.0.2
4.0.2.1
4.0.3
4.0.4
4.0.5
4.0.5.1
4.0.5.2
4.0.6
4.0.7
4.0.8
4.0.9
4.1.0
4.1.0.1
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.1.7
4.1.8
4.2.0
4.2.1
4.2.2
4.2.3
4.2.4
4.2.5
4.3.0
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.3.6
4.3.7
4.3.7.1
4.4.0
4.4.1
4.4.1.1
4.4.2
4.4.2.1
4.4.3
4.4.4
4.4.5
4.4.6
4.4.7
4.4.8
4.5.0
4.5.1
4.5.2
4.5.3
4.5.4
4.5.5
4.5.6
4.6.0
4.6.1
4.6.1.1
4.6.2
4.6.3
4.7.0
4.7.2
4.7.3