CVE-2023-43648

Description

baserCMS is a website development framework. Prior to version 4.8.0, there is a Directory Traversal Vulnerability in the form submission data management feature of baserCMS. Version 4.8.0 contains a patch for this issue.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected products

baserproject / basercms< 4.8.0 – < 4.8.0

References

VENDOR_ADVISORYhttps://github.com/baserproject/basercms/security/advisories/GHSA-hmqj-gv2m-hq55
PATCHhttps://github.com/baserproject/basercms/commit/7555a5cf0006755dc0223fffc2d882b50a97758b
MISChttps://basercms.net/security/JVN_81174674