CVE-2018-18942

EUVD-2022-5187
In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote attackers to execute arbitrary PHP code via the admin/theme_configs/form data[ThemeConfig][logo] parameter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
Affected Products (NVD)
VendorProductVersion
basercmsbasercms
𝑥
< 4.1.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://sunu11.com/2018/10/31/baserCMS/
https://basercms.net/release/4_1_4
https://github.com/baserproject/basercms/issues/959
http://sunu11.com/2018/10/31/baserCMS/
https://basercms.net/release/4_1_4
https://github.com/baserproject/basercms/issues/959