GHSA-mjj9-33j8-pfwh

Source

https://github.com/advisories/GHSA-mjj9-33j8-pfwh

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mjj9-33j8-pfwh/GHSA-mjj9-33j8-pfwh.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-mjj9-33j8-pfwh

Aliases

CVE-2018-0572

Published

2022-05-13T01:48:18Z

Modified

2024-12-02T05:59:58.043807Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

baserCMS vulnerable to Access Control Bypass

Details

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via unspecified vectors.

Database specific

{
    "nvd_published_at": "2018-06-26T14:29:00Z",
    "cwe_ids": [],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-07T15:29:50Z"
}

References

Affected packages

Packagist / baserproject/basercms

Package

Name: baserproject/basercms
Purl: pkg:composer/baserproject/basercms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.1.1

Affected versions

4.*

4.0.0

4.0.1

4.0.2

4.0.2.1

4.0.3

4.0.4

4.0.5

4.0.5.1

4.0.5.2

4.0.6

4.0.7

4.0.8

4.0.9

4.0.10

4.0.10.1

4.0.11

4.1.0

4.1.0.1

Database specific

{
    "last_known_affected_version_range": "<= 4.1.0.1"
}

Packagist / baserproject/basercms

Package

Name: baserproject/basercms
Purl: pkg:composer/baserproject/basercms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.16

Affected versions

2.*

2.0.0-rc1

2.0.0-rc2

2.0.0-rc3

2.0.0-rc4

2.0.0-rc5

2.0.0-rc6

3.*

3.0.7

3.0.7.1

3.0.8

3.0.8.1

3.0.9

3.0.9.1

3.0.10

3.0.10.1

3.0.11

3.0.11.1

3.0.12

3.0.13

3.0.14

3.0.15

Database specific

{
    "last_known_affected_version_range": "<= 3.0.15"
}