CVE-2017-10843 – baserproject/basercms

Package

Manager: composer
Name: baserproject/basercms
Vulnerable Version: >=0 <3.0.15 || >=4.0.0 <4.0.6

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.0057 pctl0.67643

Details

Arbitrary file delete in baserCMS baserCMS version 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to delete arbitrary files via unspecified vectors when the "File" field is being used in the mail form.

Metadata

Created: 2022-05-13T01:41:58Z
Modified: 2023-07-07T18:11:18Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-x73x-7gmx-w835/GHSA-x73x-7gmx-w835.json
CWE IDs: []
Alternative ID: GHSA-x73x-7gmx-w835
Finding: F123
Auto approve: 1