OS Command Injection Vulnerability and Potential Zip Slip Vulnerability in baserCMS
Critical severity
GitHub Reviewed
Published
Nov 25, 2021
in
baserproject/basercms
•
Updated Feb 1, 2023
Description
Published by the National Vulnerability Database
Nov 26, 2021
Reviewed
Nov 29, 2021
Published to the GitHub Advisory Database
Dec 1, 2021
Last updated
Feb 1, 2023
There is an OS Command Injection Vulnerability on the management system of baserCMS.
This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users.
If you are eligible, please update to the new version as soon as possible.
Target
baserCMS 4.5.3 and earlier versions
Vulnerability
OS Command Injection Vulnerability.
Countermeasures
Update to the latest version of baserCMS
Credits
Akagi Yusuke @NTT-ME
References