Information from baserCMS Users Community
Vulnerability ID: JVN#45547161
Title: Multiple vulnerabilities in baserCMS
Status: Vulnerable
This is a statement from the vendor itself with no modification by JPCERT/CC.
baserCMS has the following vulnerabilities.
If you are affected by this issue, please update to the new version as soon as possible.
- CVE-2023-29009: Stored cross-site scripting
- CVE-2023-43647: Reflected cross-site scripting
- CVE-2023-43648: Directory traversal
- CVE-2023-43649: Cross-site request forgery
- CVE-2023-43792: Arbitrary file upload
### Target
CVE-2023-29009, CVE-2023-43647, CVE-2023-43648, CVE-2023-43649
baserCMS 4.7.8 and earlier versions
CVE-2023-43792
baserCMS versions 4.6.0 to 4.7.6
### Vulnerability
CVE-2023-29009, CVE-2023-43647
An arbitrary script is executed on the web browser of the user who accesses the management screen of the product.
CVE-2023-43648
Users who access the management screen of the product can obtain arbitrary files.
CVE-2023-43649
If a user who is logged in to the product's management screen accesses a specially crafted page, arbitrary code will be executed on the server.
CVE-2023-43792
Arbitrary files may be uploaded by a remote third party.
### Countermeasures
Update to the latest version of baserCMS.
Please refer to the following page for more information.
https://basercms.net/security/JVN_45547161
### Credits
- ota kyohei
- Shiga Takuma@BroadBand Security, Inc