Page 12 of 59 results (0.002 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

SQL injection vulnerability in baserCMS before 3.0.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en baserCMS en versiones anteriores a 3.0.8 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://basercms.net/security/JVN79633796 http://jvn.jp/en/jp/JVN79633796/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2015-000139 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.1EPSS: 0%CPEs: 30EXPL: 0

app/config/core.php in baserCMS 1.6.15 and earlier does not properly handle installations in shared-hosting environments, which allows remote attackers to hijack sessions by leveraging administrative access to a different domain. app/config/core.php in baserCMS v1.6.15 y anteriores no maneja adecuadamente las instalaciones en entornos de alojamiento compartido, lo que permite a atacantes remotos secuestrar sesiones, aprovechando el acceso administrativo a un dominio diferente. • http://basercms.net/security/1 http://jvn.jp/en/jp/JVN53465692/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2012-000043 http://www.securityfocus.com/bid/53543 https://exchange.xforce.ibmcloud.com/vulnerabilities/75660 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 27EXPL: 0

Cross-site scripting (XSS) vulnerability in BaserCMS before 1.6.13.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en BaserCMS anteriores a v1.6.13.2, permite a atacantes remotos inyectar script de su elección o HTML a través de vectores no especificados. • http://basercms.net/patch/JVN09789751 http://jvn.jp/en/jp/JVN09789751/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2011-000065 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.9EPSS: 0%CPEs: 24EXPL: 0

BaserCMS before 1.6.12 does not properly restrict additions to the membership of the operators group, which allows remote authenticated users to gain privileges via unspecified vectors. BaserCMS anterior a v1.6.12 no restringe adecuadamente las adiciones a los miembros del grupo de operadores, lo que permite a usuarios remotos autenticados obtener privilegios mediante vectores no especificados. • http://basercms.net/patch/JVN09789751 http://jvn.jp/en/jp/JVN16617002/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2011-000066 • CWE-264: Permissions, Privileges, and Access Controls •