High severity7.2NVD Advisory· Published Nov 5, 2018· Updated Jun 17, 2026
CVE-2018-18942
CVE-2018-18942
Description
In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote attackers to execute arbitrary PHP code via the admin/theme_configs/form data[ThemeConfig][logo] parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
baserproject/basercmsPackagist | < 4.1.4 | 4.1.4 |
Affected products
1Patches
Vulnerability mechanics
References
7- sunu11.com/2018/10/31/baserCMS/nvdExploitThird Party Advisory
- basercms.net/release/4_1_4nvdRelease NotesVendor Advisory
- github.com/advisories/GHSA-rjc2-x53r-6c9rghsaADVISORY
- github.com/baserproject/basercms/issues/959nvdIssue TrackingThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2018-18942ghsaADVISORY
- web.archive.org/web/20200130073341/https://basercms.net/release/4_1_4ghsaWEB
- web.archive.org/web/20211209034642/http://sunu11.com/2018/10/31/baserCMSghsaWEB
News mentions
0No linked articles in our index yet.