CVE-2018-18942
https://notcve.org/view.php?id=CVE-2018-18942
In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote attackers to execute arbitrary PHP code via the admin/theme_configs/form data[ThemeConfig][logo] parameter. En baserCMS en versiones anteriores a la 4.1.4, lib\Baser\Model\ThemeConfig.php permite que atacantes remotos ejecuten código PHP arbitrario mediante el parámetro data[ThemeConfig][logo] en admin/theme_configs/form. • http://sunu11.com/2018/10/31/baserCMS https://basercms.net/release/4_1_4 https://github.com/baserproject/basercms/issues/959 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2018-0572
https://notcve.org/view.php?id=CVE-2018-0572
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via unspecified vectors. baserCMS (baserCMS 4.1.0.1 y anteriores y baserCMS 3.0.15 y anteriores) permite que los atacantes remotos autenticados omitan las restricciones de acceso para ver o alterar contenido restringido mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN67881316/index.html https://basercms.net/security/JVN67881316 •
CVE-2018-0571
https://notcve.org/view.php?id=CVE-2018-0571
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files. baserCMS (baserCMS 4.1.0.1 y7 anteriores y baserCMS 3.0.15 y anteriores) permite que los atacantes remotos con privilegios "site operator" suban archivos arbitrarios. • http://jvn.jp/en/jp/JVN67881316/index.html https://basercms.net/security/JVN67881316 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2018-0573
https://notcve.org/view.php?id=CVE-2018-0573
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors. baserCMS (baserCMS 4.1.0.1 y anteriores y baserCMS 3.0.15 y anteriores) permite que los atacantes remotos omitan las restricciones de acceso para ver un archivo subido por un usuario del sitio mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN67881316/index.html https://basercms.net/security/JVN67881316 • CWE-269: Improper Privilege Management •
CVE-2018-0575
https://notcve.org/view.php?id=CVE-2018-0575
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors. baserCMS (baserCMS 4.1.0.1 y anteriores y baserCMS 3.0.15 y anteriores) permite que los atacantes remotos omitan las restricciones de acceso en el formulario mail para ver un archivo subido por un usuario del sitio mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN67881316/index.html https://basercms.net/security/JVN67881316 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •