CVE-2023-51450

baserCMS is a website development framework. Prior to version 5.0.9, there is an OS Command Injection vulnerability in the site search feature of baserCMS. Version 5.0.9 contains a fix for this vulnerability.

CVSS v3 5.6 MEDIUM

5.6^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://basercms.net/security/JVN_09767360
https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c
https://github.com/baserproject/basercms/security/advisories/GHSA-77fc-4cv5-hmfr

Configurations

No configuration.

History

No history.

Information

Published : 2024-02-22 15:15

Updated : 2024-02-22 19:07

NVD link : CVE-2023-51450

Mitre link : CVE-2023-51450

CVE.ORG link : CVE-2023-51450

JSON object : View

Products Affected

No product.

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

5.6 /10