CVE-2017-10842 – baserproject/basercms

Package

Manager: composer
Name: baserproject/basercms
Vulnerable Version: >=0 <3.0.15 || >=4.0.0 <4.0.6

Severity

Level: Critical

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.0067 pctl0.70439

Details

baserCMS SQL Injection vulnerability SQL injection vulnerability in the baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Metadata

Created: 2022-05-14T01:22:27Z
Modified: 2023-07-07T15:31:10Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jc94-wp59-pq4f/GHSA-jc94-wp59-pq4f.json
CWE IDs: ["CWE-89"]
Alternative ID: GHSA-jc94-wp59-pq4f
Finding: F297
Auto approve: 1