Page 6 of 55 results (0.003 seconds)

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in baserCMS before 4.1.4. In the Register New Category feature of the Upload menu, the category name can be used for XSS via the data[UploaderCategory][name] parameter to an admin/uploader/uploader_categories/edit URI. Se ha descubierto un problema en versiones anteriores a la 4.1.4 de baserCMS. En la característica Register New Category del menú Upload, el nombre de categoría se puede emplear para Cross-Site Scripting (XSS) mediante el parámetro data[UploaderCategory][name] en un URI admin/uploader/uploader_categories/edit. • http://sunu11.com/2018/10/31/baserCMS https://basercms.net/release/4_1_4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote attackers to execute arbitrary PHP code via the admin/theme_configs/form data[ThemeConfig][logo] parameter. En baserCMS en versiones anteriores a la 4.1.4, lib\Baser\Model\ThemeConfig.php permite que atacantes remotos ejecuten código PHP arbitrario mediante el parámetro data[ThemeConfig][logo] en admin/theme_configs/form. • http://sunu11.com/2018/10/31/baserCMS https://basercms.net/release/4_1_4 https://github.com/baserproject/basercms/issues/959 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via unspecified vectors. baserCMS (baserCMS 4.1.0.1 y anteriores y baserCMS 3.0.15 y anteriores) permite que los atacantes remotos autenticados omitan las restricciones de acceso para ver o alterar contenido restringido mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN67881316/index.html https://basercms.net/security/JVN67881316 •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors. baserCMS (baserCMS 4.1.0.1 y7 anteriores y baserCMS 3.0.15 y anteriores) permite que los atacantes remotos autenticados ejecuten comandos de sistema operativo arbitrarios mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN67881316/index.html https://basercms.net/security/JVN67881316 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files. baserCMS (baserCMS 4.1.0.1 y7 anteriores y baserCMS 3.0.15 y anteriores) permite que los atacantes remotos con privilegios "site operator" suban archivos arbitrarios. • http://jvn.jp/en/jp/JVN67881316/index.html https://basercms.net/security/JVN67881316 • CWE-434: Unrestricted Upload of File with Dangerous Type •