CVE-2023-51450
baserCMS OS command injection vulnerability in Installer
Severity Score
5.6
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
baserCMS is a website development framework. Prior to version 5.0.9, there is an OS Command Injection vulnerability in the site search feature of baserCMS. Version 5.0.9 contains a fix for this vulnerability.
baserCMS es un framework de desarrollo de sitios web. Antes de la versión 5.0.9, había una vulnerabilidad de inyección de comandos del sistema operativo en la función de búsqueda de sitios de baserCMS. La versión 5.0.9 contiene una solución para esta vulnerabilidad.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-12-19 CVE Reserved
- 2024-02-22 CVE Published
- 2024-02-23 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://basercms.net/security/JVN_09767360 | X_refsource_misc | |
https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c | X_refsource_misc | |
https://github.com/baserproject/basercms/security/advisories/GHSA-77fc-4cv5-hmfr | X_refsource_confirm |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Baserproject Search vendor "Baserproject" | Basercms Search vendor "Baserproject" for product "Basercms" | < 5.0.9 Search vendor "Baserproject" for product "Basercms" and version " < 5.0.9" | en |
Affected
|