CVE-2023-51450

Description

baserCMS is a website development framework. Prior to version 5.0.9, there is an OS Command Injection vulnerability in the site search feature of baserCMS. Version 5.0.9 contains a fix for this vulnerability.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Affected products

baserproject / basercms< 5.0.9 – < 5.0.9

References

VENDOR_ADVISORYhttps://github.com/baserproject/basercms/security/advisories/GHSA-77fc-4cv5-hmfr
PATCHhttps://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c
MISChttps://basercms.net/security/JVN_09767360