Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Basercms
(Basercms)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 59 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-06-26 | CVE-2018-0574 | Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Basercms | 6.1 | ||
| 2018-06-26 | CVE-2018-0573 | baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors. | Basercms | 5.3 | ||
| 2018-06-26 | CVE-2018-0572 | baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via unspecified vectors. | Basercms | 8.1 | ||
| 2018-06-26 | CVE-2018-0571 | baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files. | Basercms | 4.3 | ||
| 2018-06-26 | CVE-2018-0570 | Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | Basercms | 5.4 | ||
| 2018-06-26 | CVE-2018-0569 | baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors. | Basercms | 8.8 | ||
| 2017-08-28 | CVE-2017-10844 | baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows an attacker to execute arbitrary PHP code on the server via unspecified vectors. | Basercms | 8.8 | ||
| 2017-08-28 | CVE-2017-10842 | SQL injection vulnerability in the baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | Basercms | 9.8 | ||
| 2017-05-12 | CVE-2016-4887 | Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Uploader version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | Basercms | 8.8 | ||
| 2017-05-12 | CVE-2016-4886 | Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | Basercms | 8.8 |