GHSA-6wr6-54mw-mvhr

Suggest an improvement
Source
https://github.com/advisories/GHSA-6wr6-54mw-mvhr
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6wr6-54mw-mvhr/GHSA-6wr6-54mw-mvhr.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-6wr6-54mw-mvhr
Aliases
  • CVE-2011-2674
Published
2022-05-13T01:08:49Z
Modified
2024-01-15T18:41:35.475545Z
Summary
BaserCMS privilege escallation
Details

BaserCMS before 1.6.12 does not properly restrict additions to the membership of the operators group, which allows remote authenticated users to gain privileges via unspecified vectors.

Database specific 
{
    "nvd_published_at": "2011-10-02T02:53:00Z",
    "cwe_ids": [
        "CWE-269"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-15T18:23:42Z"
}
References

Affected packages

Packagist / baserproject/basercms

Package

Name
baserproject/basercms
Purl
pkg:composer/baserproject/basercms

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.6.12