Shodan
Vulnerabilities
Vulnerable Software
Basercms:  >> Basercms  Security Vulnerabilities
CVE-2018-18943
An issue was discovered in baserCMS before 4.1.4. In the Register New Category feature of the Upload menu, the category name can be used for XSS via the data[UploaderCategory][name] parameter to an admin/uploader/uploader_categories/edit URI.
CVSS Score
4.8
EPSS Score
0.003
Published
2018-11-05
CVE-2018-0573
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors.
CVSS Score
5.3
EPSS Score
0.002
Published
2018-06-26
CVE-2018-0574
Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-06-26
CVE-2018-0575
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors.
CVSS Score
5.3
EPSS Score
0.002
Published
2018-06-26
CVE-2018-0569
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors.
CVSS Score
8.8
EPSS Score
0.011
Published
2018-06-26
CVE-2018-0570
Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-06-26
CVE-2018-0571
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files.
CVSS Score
4.3
EPSS Score
0.002
Published
2018-06-26
CVE-2018-0572
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via unspecified vectors.
CVSS Score
8.1
EPSS Score
0.002
Published
2018-06-26
CVE-2017-10842
SQL injection vulnerability in the baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVSS Score
9.8
EPSS Score
0.007
Published
2017-08-29
CVE-2017-10843
baserCMS version 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to delete arbitrary files via unspecified vectors when the "File" field is being used in the mail form.
CVSS Score
7.5
EPSS Score
0.006
Published
2017-08-29


Products
Pricing
Contact Us

Shodan ® - All rights reserved