JVN#61105618
baserCMS vulnerable to arbitrary file uploads
Overview
baserCMS provided by baserCMS Users Community allows an authenticated user to upload arbitrary files.
Products Affected
- baserCMS versions prior to 4.7.5
Description
baserCMS provided by baserCMS Users Community allows an authenticated user to upload arbitrary files (CWE-434).
Impact
An user with Operator privilege may upload arbitrary files. As a result, arbitrary PHP code may be executed.
Solution
Update the software
Update the software to the latest version according to the information provided by the developer.
The developer released baserCMS 4.7.5 that contains a fix for this vulnerability.
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| baserCMS Users Community | Vulnerable | 2023/06/01 | baserCMS Users Community website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
| Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
|---|---|---|---|---|
| Attack Complexity(AC) | High (H) | Low (L) | ||
| Privileges Required(PR) | High (H) | Low (L) | None (N) | |
| User Interaction(UI) | Required (R) | None (N) | ||
| Scope(S) | Unchanged (U) | Changed (C) | ||
| Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
| Integrity Impact(I) | None (N) | Low (L) | High (H) | |
| Availability Impact(A) | None (N) | Low (L) | High (H) |
| Access Vector(AV) | Local (L) | Adjacent Network (A) | Network (N) |
|---|---|---|---|
| Access Complexity(AC) | High (H) | Medium (M) | Low (L) |
| Authentication(Au) | Multiple (M) | Single (S) | None (N) |
| Confidentiality Impact(C) | None (N) | Partial (P) | Complete (C) |
| Integrity Impact(I) | None (N) | Partial (P) | Complete (C) |
| Availability Impact(A) | None (N) | Partial (P) | Complete (C) |
Comment
A file with a prohibited format can be uploaded, therefore, Integrity(I) is evaluated as Low (L) / Partial (P).
Credit
Taisei Inoue of GMO Cybersecurity by Ierae, Inc. and Yusuke Akagi of Mitsui Bussan Secure Directions, Inc., Shiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2023-25655 |
| JVN iPedia |
JVNDB-2023-000028 |
Update History
- 2023/06/01
- baserCMS Users Community update status
- 2023/06/01
- Information under the section [Credit] was updated.