CVE-2023-51450

baserCMS is a website development framework. Prior to version 5.0.9, there is an OS Command Injection vulnerability in the site search feature of baserCMS. Version 5.0.9 contains a fix for this vulnerability.

CVSS v3 5.6 MEDIUM

5.6^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://basercms.net/security/JVN_09767360	Broken Link
https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c	Patch
https://github.com/baserproject/basercms/security/advisories/GHSA-77fc-4cv5-hmfr	Vendor Advisory
https://basercms.net/security/JVN_09767360	Broken Link
https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c	Patch
https://github.com/baserproject/basercms/security/advisories/GHSA-77fc-4cv5-hmfr	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*

History

18 Dec 2024, 16:55

Type	Values Removed	Values Added
First Time		Basercms Basercms basercms
CPE		cpe:2.3:a:basercms:basercms::::::::
References	~~() https://basercms.net/security/JVN_09767360 -~~	() https://basercms.net/security/JVN_09767360 - Broken Link
References	~~() https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c -~~	() https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c - Patch
References	~~() https://github.com/baserproject/basercms/security/advisories/GHSA-77fc-4cv5-hmfr -~~	() https://github.com/baserproject/basercms/security/advisories/GHSA-77fc-4cv5-hmfr - Vendor Advisory

Information

Published : 2024-02-22 15:15

Updated : 2024-12-18 16:55

NVD link : CVE-2023-51450

Mitre link : CVE-2023-51450

CVE.ORG link : CVE-2023-51450

JSON object : View

Products Affected

basercms

basercms

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2023-51450", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2024-02-22T15:15:08.290", "references": [{"url": "https://basercms.net/security/JVN_09767360", "tags": ["Broken Link"], "source": "security-advisories@github.com"}, {"url": "https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-77fc-4cv5-hmfr", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://basercms.net/security/JVN_09767360", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-77fc-4cv5-hmfr", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-78"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "baserCMS is a website development framework. Prior to version 5.0.9, there is an OS Command Injection vulnerability in the site search feature of baserCMS. Version 5.0.9 contains a fix for this vulnerability."}, {"lang": "es", "value": "baserCMS es un framework de desarrollo de sitios web. Antes de la versi\u00f3n 5.0.9, hab\u00eda una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en la funci\u00f3n de b\u00fasqueda de sitios de baserCMS. La versi\u00f3n 5.0.9 contiene una soluci\u00f3n para esta vulnerabilidad."}], "lastModified": "2024-12-18T16:55:17.013", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26BF6684-E207-4771-9223-1B473F279058", "versionEndExcluding": "5.0.9"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}