GHSA-x73x-7gmx-w835

Source

https://github.com/advisories/GHSA-x73x-7gmx-w835

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-x73x-7gmx-w835/GHSA-x73x-7gmx-w835.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-x73x-7gmx-w835

Aliases

CVE-2017-10843

Published

2022-05-13T01:41:58Z

Modified

2024-12-02T05:44:05.132909Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

Arbitrary file delete in baserCMS

Details

baserCMS version 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to delete arbitrary files via unspecified vectors when the "File" field is being used in the mail form.

Database specific

{
    "nvd_published_at": "2017-08-29T01:35:00Z",
    "cwe_ids": [],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-07T18:11:18Z"
}

References

Affected packages

Packagist / baserproject/basercms

Package

Name: baserproject/basercms
Purl: pkg:composer/baserproject/basercms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.15

Affected versions

2.*

2.0.0-rc1

2.0.0-rc2

2.0.0-rc3

2.0.0-rc4

2.0.0-rc5

2.0.0-rc6

3.*

3.0.7

3.0.7.1

3.0.8

3.0.8.1

3.0.9

3.0.9.1

3.0.10

3.0.10.1

3.0.11

3.0.11.1

3.0.12

3.0.13

3.0.14

Database specific

{
    "last_known_affected_version_range": "<= 3.0.14"
}

Packagist / baserproject/basercms

Package

Name: baserproject/basercms
Purl: pkg:composer/baserproject/basercms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.0.6

Affected versions

4.*

4.0.0

4.0.1

4.0.2

4.0.2.1

4.0.3

4.0.4

4.0.5

4.0.5.1

4.0.5.2

Database specific

{
    "last_known_affected_version_range": "<= 4.0.5"
}