Packagist (Composer) package
baserproject/basercms
pkg:composer/baserproject/basercms
Vulnerabilities (56)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-0575 | — | >= 4.0.0, <= 4.1.0.1 | — | Jun 26, 2018 | baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors. | ||
| CVE-2018-0574 | — | >= 4.0.0, <= 4.1.0.1 | — | Jun 26, 2018 | Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||
| CVE-2018-0573 | — | < 3.0.16 | 3.0.16 | Jun 26, 2018 | baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors. | ||
| CVE-2018-0572 | — | >= 4.0.0, < 4.1.1 | 4.1.1 | Jun 26, 2018 | baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via unspecified vectors. | ||
| CVE-2018-0571 | — | >= 4.0.0, < 4.1.1 | 4.1.1 | Jun 26, 2018 | baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files. | ||
| CVE-2018-0570 | — | >= 4.0.0, <= 4.1.0.1 | — | Jun 26, 2018 | Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | ||
| CVE-2018-0569 | — | >= 4.0.0, <= 4.1.0.1 | — | Jun 26, 2018 | baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors. | ||
| CVE-2017-10844 | Hig | 8.8 | <= 3.0.14 | — | Aug 29, 2017 | baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows an attacker to execute arbitrary PHP code on the server via unspecified vectors. | |
| CVE-2017-10843 | Hig | 7.5 | < 3.0.15 | 3.0.15 | Aug 29, 2017 | baserCMS version 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to delete arbitrary files via unspecified vectors when the "File" field is being used in the mail form. | |
| CVE-2017-10842 | Cri | 9.8 | < 3.0.15 | 3.0.15 | Aug 29, 2017 | SQL injection vulnerability in the baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |
| CVE-2016-4881 | Hig | 8.8 | < 3.0.11 | 3.0.11 | May 12, 2017 | Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |
| CVE-2016-4880 | Med | 5.4 | < 3.0.11 | 3.0.11 | May 12, 2017 | Cross-site scripting vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |
| CVE-2016-4879 | Hig | 8.8 | <= 3.0.10 | — | May 12, 2017 | Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |
| CVE-2016-4878 | Hig | 8.8 | < 3.0.11 | 3.0.11 | May 12, 2017 | Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |
| CVE-2015-5640 | — | < 3.0.8 | 3.0.8 | Oct 6, 2015 | baserCMS before 3.0.8 allows remote authenticated users to modify arbitrary user settings via a crafted request. | ||
| CVE-2011-2674 | — | < 1.6.12 | 1.6.12 | Oct 2, 2011 | BaserCMS before 1.6.12 does not properly restrict additions to the membership of the operators group, which allows remote authenticated users to gain privileges via unspecified vectors. |
- CVE-2018-0575Jun 26, 2018affected >= 4.0.0, <= 4.1.0.1
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors.
- CVE-2018-0574Jun 26, 2018affected >= 4.0.0, <= 4.1.0.1
Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2018-0573Jun 26, 2018affected < 3.0.16fixed 3.0.16
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors.
- CVE-2018-0572Jun 26, 2018affected >= 4.0.0, < 4.1.1fixed 4.1.1
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via unspecified vectors.
- CVE-2018-0571Jun 26, 2018affected >= 4.0.0, < 4.1.1fixed 4.1.1
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files.
- CVE-2018-0570Jun 26, 2018affected >= 4.0.0, <= 4.1.0.1
Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2018-0569Jun 26, 2018affected >= 4.0.0, <= 4.1.0.1
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors.
- affected <= 3.0.14
baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows an attacker to execute arbitrary PHP code on the server via unspecified vectors.
- affected < 3.0.15fixed 3.0.15
baserCMS version 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to delete arbitrary files via unspecified vectors when the "File" field is being used in the mail form.
- affected < 3.0.15fixed 3.0.15
SQL injection vulnerability in the baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- affected < 3.0.11fixed 3.0.11
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
- affected < 3.0.11fixed 3.0.11
Cross-site scripting vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
- affected <= 3.0.10
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
- affected < 3.0.11fixed 3.0.11
Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
- CVE-2015-5640Oct 6, 2015affected < 3.0.8fixed 3.0.8
baserCMS before 3.0.8 allows remote authenticated users to modify arbitrary user settings via a crafted request.
- CVE-2011-2674Oct 2, 2011affected < 1.6.12fixed 1.6.12
BaserCMS before 1.6.12 does not properly restrict additions to the membership of the operators group, which allows remote authenticated users to gain privileges via unspecified vectors.
Page 3 of 3