CVE-2023-43648

baserCMS is a website development framework. Prior to version 4.8.0, there is a Directory Traversal Vulnerability in the form submission data management feature of baserCMS. Version 4.8.0 contains a patch for this issue.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://basercms.net/security/JVN_81174674	Vendor Advisory
https://github.com/baserproject/basercms/commit/7555a5cf0006755dc0223fffc2d882b50a97758b	Patch Third Party Advisory
https://github.com/baserproject/basercms/security/advisories/GHSA-hmqj-gv2m-hq55	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-10-30 19:15

Updated : 2023-11-06 19:39

NVD link : CVE-2023-43648

Mitre link : CVE-2023-43648

CVE.ORG link : CVE-2023-43648

JSON object : View

Products Affected

basercms

basercms

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2023-43648", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2023-10-30T19:15:08.183", "references": [{"url": "https://basercms.net/security/JVN_81174674", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/baserproject/basercms/commit/7555a5cf0006755dc0223fffc2d882b50a97758b", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-hmqj-gv2m-hq55", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "baserCMS is a website development framework. Prior to version 4.8.0, there is a Directory Traversal Vulnerability in the form submission data management feature of baserCMS. Version 4.8.0 contains a patch for this issue."}, {"lang": "es", "value": "baserCMS es un framework de desarrollo de sitios web. Antes de la versi\u00f3n 4.8.0, hab\u00eda una vulnerabilidad de Directory Traversal en la funci\u00f3n de administraci\u00f3n de datos de env\u00edo de formularios de baserCMS. La versi\u00f3n 4.8.0 contiene un parche para este problema."}], "lastModified": "2023-11-06T19:39:02.777", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B92C5C4-A119-435E-95BF-F6595C49737C", "versionEndExcluding": "4.8.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}