GHSA-6j3p-vrph-j7qq

Suggest an improvement
Source
https://github.com/advisories/GHSA-6j3p-vrph-j7qq
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6j3p-vrph-j7qq/GHSA-6j3p-vrph-j7qq.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-6j3p-vrph-j7qq
Aliases
Published
2022-05-14T03:06:07Z
Modified
2024-02-16T08:16:10.814394Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
OS Command Injection in baserCMS
Details

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors.

Database specific
{
    "nvd_published_at": "2018-06-26T14:29:00Z",
    "cwe_ids": [
        "CWE-78"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-07T00:13:09Z"
}
References

Affected packages

Packagist / baserproject/basercms

Package

Name
baserproject/basercms
Purl
pkg:composer/baserproject/basercms

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0.0
Last affected
4.1.0.1

Affected versions

4.*

4.0.0
4.1.0

Packagist / baserproject/basercms

Package

Name
baserproject/basercms
Purl
pkg:composer/baserproject/basercms

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
3.0.15

Affected versions

0.*

0.0.1
0.0.2
0.0.3
0.0.4
0.0.5
0.0.6
0.0.7
0.0.8

1.*

1.0.0

2.*

2.0.0-rc1
2.0.0-rc2
2.0.0-rc3
2.0.0-rc4
2.0.0-rc5
2.0.0-rc6
2.0.0

3.*

3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.9
3.0.10
3.0.11
3.0.12
3.0.13
3.0.14
3.0.15