<p>Upgrade <code>baserproject/basercms</code> to version 4.4.5 or higher.</p>

Command Injection Affecting baserproject/basercms package, versions <4.4.5

Snyk CVSS

Attack Complexity Low

Privileges Required High

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS 0.37% (73^rd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-PHP-BASERPROJECTBASERCMS-1300841
published 9 Jun 2021
disclosed 8 Jun 2021
credit Yamaguchi Kakeru, Sho Odagiri

Report a new vulnerability Found a mistake?

Introduced: 8 Jun 2021

CVE-2021-20682 Open this link in a new tab CWE-78 Open this link in a new tab

How to fix?

Upgrade baserproject/basercms to version 4.4.5 or higher.

Overview

baserproject/basercms is a Content management system based on CakePHP.

Affected versions of this package are vulnerable to Command Injection. If a malicious plugin is uploaded, arbitrary OS commands may be executed from the browser.

References

BaserCMS Security Advisory