Arbitrary File Upload Affecting baserproject/basercms package, versions <3.0.16 >=4.0.0, <4.1.1


0.0
medium

Snyk CVSS

    Attack Complexity Low

    Threat Intelligence

    EPSS 0.08% (34th percentile)
Expand this section
NVD
4.3 medium

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-PHP-BASERPROJECTBASERCMS-72222
  • published 4 Jul 2018
  • disclosed 18 May 2018
  • credit Unknown

How to fix?

Upgrade baserproject/basercms to versions 3.0.16, 4.1.1 or higher.

Overview

baserproject/basercms is a Content management system based on CakePHP.

Affected versions of this package are vulnerable to Arbitrary File Upload. A remote attacker with a site operator privilege could upload arbitrary files.