Skip to content

[baserCMS4] Code Injection Vulnerability in Mail Form Feature

Moderate
ryuring published GHSA-vrm6-c878-fpq6 Oct 26, 2023

Package

Mail Form Feature (baserCMS)

Affected versions

4.7.6

Patched versions

None

Description

There is a Code Injection Vulnerability in Mail Form to baserCMS.

Target

baserCMS 4.7.6 and earlier versions

Vulnerability

Malicious code may be executed in Mail Form Feature.

Countermeasures

Update to the latest version of baserCMS

Please refer to the following page to reference for more information.
https://basercms.net/security/JVN_45547161

Credits

Shiga Takuma@BroadBand Security, Inc

Severity

Moderate
5.3
/ 10

CVSS base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CVE ID

CVE-2023-43792

Weaknesses

No CWEs