CVE-2012-1248

app/config/core.php in baserCMS 1.6.15 and earlier does not properly handle installations in shared-hosting environments, which allows remote attackers to hijack sessions by leveraging administrative access to a different domain.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.1 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:P/I:P/A:P
jpcertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
VendorProductVersion
basercmsbasercms
𝑥
≤ 1.6.15
basercmsbasercms
1.5.4
basercmsbasercms
1.5.5
basercmsbasercms
1.5.6
basercmsbasercms
1.5.7
basercmsbasercms
1.5.8
basercmsbasercms
1.5.9
basercmsbasercms
1.6.0
basercmsbasercms
1.6.1
basercmsbasercms
1.6.2
basercmsbasercms
1.6.3
basercmsbasercms
1.6.4
basercmsbasercms
1.6.5
basercmsbasercms
1.6.6
basercmsbasercms
1.6.7
basercmsbasercms
1.6.7.1
basercmsbasercms
1.6.8
basercmsbasercms
1.6.9
basercmsbasercms
1.6.9.1
basercmsbasercms
1.6.10
basercmsbasercms
1.6.11
basercmsbasercms
1.6.11.1
basercmsbasercms
1.6.11.2
basercmsbasercms
1.6.11.3
basercmsbasercms
1.6.11.4
basercmsbasercms
1.6.12
basercmsbasercms
1.6.13
basercmsbasercms
1.6.13.1
basercmsbasercms
1.6.13.6
basercmsbasercms
1.6.14
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://basercms.net/security/1
http://jvn.jp/en/jp/JVN53465692/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000043
http://www.securityfocus.com/bid/53543
https://exchange.xforce.ibmcloud.com/vulnerabilities/75660
http://basercms.net/security/1
http://jvn.jp/en/jp/JVN53465692/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000043
http://www.securityfocus.com/bid/53543
https://exchange.xforce.ibmcloud.com/vulnerabilities/75660