Total
45 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-18942 | 1 Basercms | 1 Basercms | 2020-08-24 | 6.5 MEDIUM | 7.2 HIGH |
In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote attackers to execute arbitrary PHP code via the admin/theme_configs/form data[ThemeConfig][logo] parameter. | |||||
CVE-2016-4877 | 1 Basercms | 2 Basercms, Mail | 2020-01-23 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2016-4879 | 1 Basercms | 2 Basercms, Mail | 2020-01-23 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
CVE-2018-0572 | 1 Basercms | 1 Basercms | 2019-10-02 | 5.5 MEDIUM | 8.1 HIGH |
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via unspecified vectors. | |||||
CVE-2018-0573 | 1 Basercms | 1 Basercms | 2019-10-02 | 5.0 MEDIUM | 5.3 MEDIUM |
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors. | |||||
CVE-2017-10843 | 1 Basercms | 1 Basercms | 2019-10-02 | 6.4 MEDIUM | 7.5 HIGH |
baserCMS version 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to delete arbitrary files via unspecified vectors when the "File" field is being used in the mail form. | |||||
CVE-2017-10844 | 1 Basercms | 1 Basercms | 2019-03-12 | 6.5 MEDIUM | 8.8 HIGH |
baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows an attacker to execute arbitrary PHP code on the server via unspecified vectors. | |||||
CVE-2017-10842 | 1 Basercms | 1 Basercms | 2019-03-12 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in the baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2018-18943 | 1 Basercms | 1 Basercms | 2018-12-10 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in baserCMS before 4.1.4. In the Register New Category feature of the Upload menu, the category name can be used for XSS via the data[UploaderCategory][name] parameter to an admin/uploader/uploader_categories/edit URI. | |||||
CVE-2018-0575 | 1 Basercms | 1 Basercms | 2018-08-21 | 5.0 MEDIUM | 5.3 MEDIUM |
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors. | |||||
CVE-2018-0574 | 1 Basercms | 1 Basercms | 2018-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2018-0571 | 1 Basercms | 1 Basercms | 2018-08-21 | 4.0 MEDIUM | 4.3 MEDIUM |
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files. | |||||
CVE-2018-0570 | 1 Basercms | 1 Basercms | 2018-08-21 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2018-0569 | 1 Basercms | 1 Basercms | 2018-08-21 | 6.5 MEDIUM | 8.8 HIGH |
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors. | |||||
CVE-2016-4885 | 1 Basercms | 1 Basercms | 2017-05-18 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Feed version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
CVE-2016-4886 | 1 Basercms | 1 Basercms | 2017-05-18 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
CVE-2016-4884 | 1 Basercms | 1 Basercms | 2017-05-18 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
CVE-2016-4880 | 1 Basercms | 1 Basercms | 2017-05-18 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2016-4883 | 1 Basercms | 1 Basercms | 2017-05-18 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2016-4887 | 1 Basercms | 1 Basercms | 2017-05-18 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Uploader version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. |