GHSA-w935-p7mg-xc96

Source

https://github.com/advisories/GHSA-w935-p7mg-xc96

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w935-p7mg-xc96/GHSA-w935-p7mg-xc96.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-w935-p7mg-xc96

Aliases

CVE-2018-0575

Published

2022-05-14T03:06:07Z

Modified

2024-02-16T08:03:31.023356Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Sensitive Data Exposure in baserCMS

Details

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors.

Database specific

{
    "nvd_published_at": "2018-06-26T14:29:00Z",
    "cwe_ids": [
        "CWE-200"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-07T00:21:32Z"
}

References

Affected packages

Packagist / baserproject/basercms

Package

Name: baserproject/basercms
Purl: pkg:composer/baserproject/basercms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Last affected

4.1.0.1

Affected versions

4.*

4.0.0

4.1.0

Packagist / baserproject/basercms

Package

Name: baserproject/basercms
Purl: pkg:composer/baserproject/basercms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

3.0.15

Affected versions

0.*

0.0.1

0.0.2

0.0.3

0.0.4

0.0.5

0.0.6

0.0.7

0.0.8

1.*

1.0.0

2.*

2.0.0-rc1

2.0.0-rc2

2.0.0-rc3

2.0.0-rc4

2.0.0-rc5

2.0.0-rc6

2.0.0

3.*

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.0.7

3.0.9

3.0.10

3.0.11

3.0.12

3.0.13

3.0.14

3.0.15