CVE-2023-43648 - OpenCVE

baserCMS is a website development framework. Prior to version 4.8.0, there is a Directory Traversal Vulnerability in the form submission data management feature of baserCMS. Version 4.8.0 contains a patch for this issue.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Basercms	Basercms

Configuration 1 [-]

cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*

References

Link	Resource
https://basercms.net/security/JVN_81174674	Vendor Advisory
https://github.com/baserproject/basercms/commit/7555a5cf0006755dc0223fffc2d882b50a97758b	Patch Third Party Advisory
https://github.com/baserproject/basercms/security/advisories/GHSA-hmqj-gv2m-hq55	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-10-30T18:24:24.733Z

Updated: 2023-10-30T18:24:24.733Z

Reserved: 2023-09-20T15:35:38.147Z

Link: CVE-2023-43648

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-10-30T19:15:08.183

Modified: 2023-11-06T19:39:02.777

Link: CVE-2023-43648

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*", "matchCriteriaId": "3B92C5C4-A119-435E-95BF-F6595C49737C", "versionEndExcluding": "4.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "baserCMS is a website development framework. Prior to version 4.8.0, there is a Directory Traversal Vulnerability in the form submission data management feature of baserCMS. Version 4.8.0 contains a patch for this issue."}, {"lang": "es", "value": "baserCMS es un framework de desarrollo de sitios web. Antes de la versi\u00f3n 4.8.0, hab\u00eda una vulnerabilidad de Directory Traversal en la funci\u00f3n de administraci\u00f3n de datos de env\u00edo de formularios de baserCMS. La versi\u00f3n 4.8.0 contiene un parche para este problema."}], "id": "CVE-2023-43648", "lastModified": "2023-11-06T19:39:02.777", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-10-30T19:15:08.183", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://basercms.net/security/JVN_81174674"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/baserproject/basercms/commit/7555a5cf0006755dc0223fffc2d882b50a97758b"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-hmqj-gv2m-hq55"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Primary"}]}