CVE-2023-43792

baserCMS is a website development framework. In versions 4.6.0 through 4.7.6, there is a Code Injection vulnerability in the mail form of baserCMS. As of time of publication, no known patched versions are available.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
GitHub_MCNA
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
VendorProductVersion
basercmsbasercms
4.6.0 ≤
𝑥
≤ 4.7.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://basercms.net/security/JVN_45547161
https://github.com/baserproject/basercms/security/advisories/GHSA-vrm6-c878-fpq6
https://basercms.net/security/JVN_45547161
https://github.com/baserproject/basercms/security/advisories/GHSA-vrm6-c878-fpq6