CVE-2023-51450 – baserCMS OS command injection vulnerability in Installer
https://notcve.org/view.php?id=CVE-2023-51450
baserCMS is a website development framework. Prior to version 5.0.9, there is an OS Command Injection vulnerability in the site search feature of baserCMS. Version 5.0.9 contains a fix for this vulnerability.
• https://basercms.net/security/JVN_09767360
• https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c
• https://github.com/baserproject/basercms/security/advisories/GHSA-77fc-4cv5-hmfr
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-44379 – baserCMS Cross-site Scripting vulnerability in Site search Feature
https://notcve.org/view.php?id=CVE-2023-44379
baserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the site search feature. Version 5.0.9 contains a fix for this vulnerability.
• https://basercms.net/security/JVN_73283159
• https://github.com/baserproject/basercms/commit/18549396e5a9b8294306a54a876af164b0b57da4
• https://github.com/baserproject/basercms/security/advisories/GHSA-66c2-p8rh-qx87
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-43792 – baserCMS Code Injection Vulnerability in Mail Form Feature
https://notcve.org/view.php?id=CVE-2023-43792
baserCMS is a website development framework. In versions 4.6.0 through 4.7.6, there is a Code Injection vulnerability in the mail form of baserCMS. As of the time of publication, no known patched versions are available.
• https://basercms.net/security/JVN_45547161
• https://github.com/baserproject/basercms/security/advisories/GHSA-vrm6-c878-fpq6
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2023-43649 – baserCMS CSRF vulnerability in Content preview Feature
https://notcve.org/view.php?id=CVE-2023-43649
baserCMS is a website development framework. Prior to version 4.8.0, there is a cross-site request forgery vulnerability in the content preview feature of baserCMS. Version 4.8.0 contains a patch for this issue.
• https://basercms.net/security/JVN_99052047
• https://github.com/baserproject/basercms/commit/874c55433fead93e0be9df96fd28740f8047c8b6
• https://github.com/baserproject/basercms/security/advisories/GHSA-fw9x-cqjq-7jx5
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-43648 – baserCMS Directory Traversal vulnerability in Form submission data management Feature
https://notcve.org/view.php?id=CVE-2023-43648
baserCMS is a website development framework. Prior to version 4.8.0, there is a Directory Traversal Vulnerability in the form submission data management feature of baserCMS. Version 4.8.0 contains a patch for this issue.
• https://basercms.net/security/JVN_81174674
• https://github.com/baserproject/basercms/commit/7555a5cf0006755dc0223fffc2d882b50a97758b
• https://github.com/baserproject/basercms/security/advisories/GHSA-hmqj-gv2m-hq55
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')