CVE-2016-4876

Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators to execute arbitrary PHP code via unspecified vectors.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
jpcertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
VendorProductVersion
basercmsbasercms
3.0.10
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://basercms.net/security/JVN92765814
http://www.securityfocus.com/bid/93217
https://jvn.jp/en/jp/JVN92765814/index.html
http://basercms.net/security/JVN92765814
http://www.securityfocus.com/bid/93217
https://jvn.jp/en/jp/JVN92765814/index.html