Skip to content

File Uploader, Remote Code Execution (RCE)

Low
ryuring published GHSA-h4cc-fxpp-pgw9 Mar 23, 2023

Package

File Uploader (baserCMS)

Affected versions

<= 4.7.3

Patched versions

4.7.5

Description

Impact

There is a Remote Code Execution (RCE) Vulnerability on the management system of baserCMS.

Target

baserCMS 4.7.3 and earlier versions

Patches

Update to the latest version of baserCMS

Credits

島峰泰平@三井物産セキュアディレクション株式会社

Severity

Low

CVE ID

CVE-2023-25654

Weaknesses

No CWEs