Vulnerability Details : CVE-2020-15277
baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE). Code may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The Edit template component is vulnerable. The issue is fixed in version 4.4.1.
Vulnerability category: Execute code
Products affected by CVE-2020-15277
- cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-15277
- EPSS score: 0.92% (probability of exploitation activity in the next 30 days)
- Percentile: ~83% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2020-15277
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST | |
7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 | NIST | |
7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 | GitHub, Inc. | |
CWE ids for CVE-2020-15277
- The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. Assigned by:
- nvd@nist.gov (Primary)
- security-advisories@github.com (Secondary)
References for CVE-2020-15277
- https://github.com/baserproject/basercms/security/advisories/GHSA-6fmv-q269-55cw
  Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0 · Advisory · baserproject/basercms · GitHub (Patch; Third Party Advisory)
- https://github.com/baserproject/basercms/commit/bb027c3967b0430adcff2d2fedbc23d39077563b
  Merge pull request from GHSA-6fmv-q269-55cw · baserproject/basercms@bb027c3 · GitHub (Patch; Third Party Advisory)
- https://basercms.net/security/20201029
  2020/10/29 Code injection and XSS vulnerabilities (Vendor Advisory)