GHSA-jc94-wp59-pq4f

Source

https://github.com/advisories/GHSA-jc94-wp59-pq4f

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jc94-wp59-pq4f/GHSA-jc94-wp59-pq4f.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-jc94-wp59-pq4f

Aliases

CVE-2017-10842

Published

2022-05-14T01:22:27Z

Modified

2024-02-16T08:04:49.565484Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

baserCMS SQL Injection vulnerability

Details

SQL injection vulnerability in the baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Database specific

{
    "github_reviewed": true,
    "severity": "CRITICAL",
    "nvd_published_at": "2017-08-29T01:35:00Z",
    "cwe_ids": [
        "CWE-89"
    ],
    "github_reviewed_at": "2023-07-07T15:31:10Z"
}

References

Affected packages

Packagist / baserproject/basercms

Package

Name: baserproject/basercms
Purl: pkg:composer/baserproject/basercms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.15

Affected versions

0.*

0.0.1

0.0.2

0.0.3

0.0.4

0.0.5

0.0.6

0.0.7

0.0.8

1.*

1.0.0

2.*

2.0.0-rc1

2.0.0-rc2

2.0.0-rc3

2.0.0-rc4

2.0.0-rc5

2.0.0-rc6

2.0.0

3.*

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.0.7

3.0.9

3.0.10

3.0.11

3.0.12

3.0.13

3.0.14

Database specific

last_known_affected_version_range

"<= 3.0.14"

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jc94-wp59-pq4f/GHSA-jc94-wp59-pq4f.json"