Page 6 of 52 results (0.003 seconds)

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors. baserCMS (baserCMS 4.1.0.1 y7 anteriores y baserCMS 3.0.15 y anteriores) permite que los atacantes remotos autenticados ejecuten comandos de sistema operativo arbitrarios mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN67881316/index.html https://basercms.net/security/JVN67881316 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files. baserCMS (baserCMS 4.1.0.1 y7 anteriores y baserCMS 3.0.15 y anteriores) permite que los atacantes remotos con privilegios "site operator" suban archivos arbitrarios. • http://jvn.jp/en/jp/JVN67881316/index.html https://basercms.net/security/JVN67881316 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors. baserCMS (baserCMS 4.1.0.1 y anteriores y baserCMS 3.0.15 y anteriores) permite que los atacantes remotos omitan las restricciones de acceso para ver un archivo subido por un usuario del sitio mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN67881316/index.html https://basercms.net/security/JVN67881316 • CWE-269: Improper Privilege Management •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors. baserCMS (baserCMS 4.1.0.1 y anteriores y baserCMS 3.0.15 y anteriores) permite que los atacantes remotos omitan las restricciones de acceso en el formulario mail para ver un archivo subido por un usuario del sitio mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN67881316/index.html https://basercms.net/security/JVN67881316 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0

Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-Site Scripting (XSS) en baserCMS (baserCMS 4.1.0.1 y anteriores y baserCMS 3.0.15 y anteriores) permite a atacantes remotos autenticados inyectar scripts web o HTML arbitrarios utilizando vectores no especificados. • http://jvn.jp/en/jp/JVN67881316/index.html https://basercms.net/security/JVN67881316 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •