Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Basercms
(Basercms)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 59 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2011-10-02 | CVE-2011-2673 | Cross-site scripting (XSS) vulnerability in BaserCMS before 1.6.13.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Basercms | N/A | ||
| 2011-10-02 | CVE-2011-2674 | BaserCMS before 1.6.12 does not properly restrict additions to the membership of the operators group, which allows remote authenticated users to gain privileges via unspecified vectors. | Basercms | N/A | ||
| 2015-10-06 | CVE-2015-5640 | baserCMS before 3.0.8 allows remote authenticated users to modify arbitrary user settings via a crafted request. | Basercms | N/A | ||
| 2015-10-06 | CVE-2015-5641 | SQL injection vulnerability in baserCMS before 3.0.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | Basercms | N/A | ||
| 2018-11-05 | CVE-2018-18942 | In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote attackers to execute arbitrary PHP code via the admin/theme_configs/form data[ThemeConfig][logo] parameter. | Basercms | 7.2 | ||
| 2017-05-12 | CVE-2016-4879 | Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | Basercms, Mail | N/A | ||
| 2017-05-12 | CVE-2016-4877 | Cross-site scripting vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | Basercms, Mail | N/A | ||
| 2017-08-29 | CVE-2017-10843 | baserCMS version 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to delete arbitrary files via unspecified vectors when the "File" field is being used in the mail form. | Basercms | 7.5 | ||
| 2018-11-05 | CVE-2018-18943 | An issue was discovered in baserCMS before 4.1.4. In the Register New Category feature of the Upload menu, the category name can be used for XSS via the data[UploaderCategory][name] parameter to an admin/uploader/uploader_categories/edit URI. | Basercms | 4.8 | ||
| 2018-06-26 | CVE-2018-0575 | baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors. | Basercms | 5.3 |