baserCMS Code Injection Vulnerability in Mail Form Feature
Description
baserCMS is a website development framework. In versions 4.6.0 through 4.7.6, there is a Code Injection vulnerability in the mail form of baserCMS. As of the time of publication, no known patched versions are available.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Code injection vulnerability in baserCMS mail form allows remote attackers to upload arbitrary files, leading to potential code execution.
Vulnerability Description
CVE-2023-43792 is a code injection vulnerability in the mail form feature of baserCMS, a PHP-based website development framework. The issue affects versions 4.6.0 through 4.7.6 [1]. Attackers can inject arbitrary code by exploiting insufficient input validation in the mail form, potentially leading to arbitrary file uploads [2].
Exploitation
This vulnerability can be exploited remotely without authentication, and no user interaction is required [3]. The attack complexity is low and the attack vector is network-based, meaning an attacker only needs to send a crafted request to the vulnerable mail form endpoint to trigger the injection.
Impact
Successful exploitation allows an attacker to upload arbitrary files to the server, which may then be used to achieve remote code execution, compromise data integrity, or escalate privileges [2][3]. Given the absence of a patch at the time of disclosure, affected systems are at significant risk.
Mitigation
At the time of publication, no patched version is available [1]. The vendor recommends updating to the latest version once released [2]. As a workaround, administrators should disable the mail form plugin or implement strict input validation and file upload restrictions until a security update is applied.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| baserproject/basercms (Packagist) | >= 4.6.0, <= 4.7.6 | — |
Affected products
- baserproject/basercmsv5 Range: >= 4.6.0, <= 4.7.6
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-vrm6-c878-fpq6 (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-43792 (ghsa; ADVISORY)
- basercms.net/security/JVN_45547161 (ghsa; x_refsource_MISC; WEB)
- github.com/baserproject/basercms/security/advisories/GHSA-vrm6-c878-fpq6 (ghsa; x_refsource_CONFIRM; WEB)