CVE-2018-0575 – baserproject/basercms

Package

Manager: composer
Name: baserproject/basercms
Vulnerable Version: >=4.0.0 <=4.1.0.1 || >=0 <=3.0.15

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00169 pctl0.38581

Details

Sensitive Data Exposure in baserCMS baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors.

Metadata

Created: 2022-05-14T03:06:07Z
Modified: 2023-10-06T16:45:42Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w935-p7mg-xc96/GHSA-w935-p7mg-xc96.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-w935-p7mg-xc96
Finding: F038
Auto approve: 1