Show filters
59 Total Results
Displaying 31-40 of 59
Sort by:
Attacker Value
Unknown

CVE-2018-18942

Disclosure Date: November 05, 2018 (last updated November 27, 2024)
In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote attackers to execute arbitrary PHP code via the admin/theme_configs/form data[ThemeConfig][logo] parameter.
0
0
Attacker Value
Unknown

CVE-2018-0569

Disclosure Date: June 26, 2018 (last updated November 26, 2024)
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2018-0570

Disclosure Date: June 26, 2018 (last updated November 26, 2024)
Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2018-0575

Disclosure Date: June 26, 2018 (last updated November 26, 2024)
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2018-0574

Disclosure Date: June 26, 2018 (last updated November 26, 2024)
Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2018-0572

Disclosure Date: June 26, 2018 (last updated November 26, 2024)
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2018-0573

Disclosure Date: June 26, 2018 (last updated November 26, 2024)
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2018-0571

Disclosure Date: June 26, 2018 (last updated November 26, 2024)
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files.
0
0
Attacker Value
Unknown

CVE-2017-10843

Disclosure Date: August 29, 2017 (last updated November 26, 2024)
baserCMS version 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to delete arbitrary files via unspecified vectors when the "File" field is being used in the mail form.
0
0
Attacker Value
Unknown

CVE-2017-10842

Disclosure Date: August 29, 2017 (last updated November 26, 2024)
SQL injection vulnerability in the baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
0
0
View More Topics  < Previous  Next >