Headline
GHSA-vrm6-c878-fpq6: baserCMS Code Injection Vulnerability in Mail Form Feature
There is a Code Injection Vulnerability in Mail Form to baserCMS.
Target
baserCMS 4.7.6 and earlier versions
Vulnerability
Malicious code may be executed in Mail Form Feature.
Countermeasures
Update to the latest version of baserCMS
Please refer to the following page to reference for more information. https://basercms.net/security/JVN_45547161
Credits
Shiga Takuma@BroadBand Security, Inc
Package
composer baserproject/basercms (Composer)
Affected versions
>= 4.6.0, <= 4.7.6
Patched versions
None
Description
There is a Code Injection Vulnerability in Mail Form to baserCMS.
Target
baserCMS 4.7.6 and earlier versions
Vulnerability
Malicious code may be executed in Mail Form Feature.
Countermeasures
Update to the latest version of baserCMS
Please refer to the following page to reference for more information.
https://basercms.net/security/JVN_45547161
Credits
Shiga Takuma@BroadBand Security, Inc
References
- GHSA-vrm6-c878-fpq6
- https://basercms.net/security/JVN_45547161
ryuring published to baserproject/basercms
Oct 26, 2023
Published to the GitHub Advisory Database
Oct 26, 2023
Reviewed
Oct 26, 2023
Related news
baserCMS is a website development framework. In versions 4.6.0 through 4.7.6, there is a Code Injection vulnerability in the mail form of baserCMS. As of time of publication, no known patched versions are available.