Vulnerabilities > CVE-2020-15159 - Unspecified vulnerability in Basercms

047910
CVSS 7.6 - HIGH
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
HIGH
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
high complexity
basercms

Summary

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). This may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file.The affected components are ThemeFilesController.php and UploaderFilesController.php. This is fixed in version 4.3.7.

Vulnerable Configurations

Part Description Count
Application
Basercms
109