Vulnerabilities > Basercms > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-30 | CVE-2020-15277 | Unrestricted Upload of File with Dangerous Type vulnerability in Basercms baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE). | 6.5 |
| 2020-08-28 | CVE-2020-15159 | Cross-site Scripting vulnerability in Basercms baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). | 4.6 |
| 2018-11-05 | CVE-2018-18942 | Unrestricted Upload of File with Dangerous Type vulnerability in Basercms In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote attackers to execute arbitrary PHP code via the admin/theme_configs/form data[ThemeConfig][logo] parameter. | 6.5 |
| 2018-06-26 | CVE-2018-0575 | Information Exposure vulnerability in Basercms baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors. | 5.0 |
| 2018-06-26 | CVE-2018-0574 | Cross-site Scripting vulnerability in Basercms Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2018-06-26 | CVE-2018-0573 | Improper Privilege Management vulnerability in Basercms baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors. | 5.0 |
| 2018-06-26 | CVE-2018-0572 | Unspecified vulnerability in Basercms baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via unspecified vectors. | 5.5 |
| 2018-06-26 | CVE-2018-0571 | Unrestricted Upload of File with Dangerous Type vulnerability in Basercms baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files. | 4.0 |
| 2018-06-26 | CVE-2018-0569 | OS Command Injection vulnerability in Basercms baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors. | 6.5 |
| 2017-08-29 | CVE-2017-10844 | Code Injection vulnerability in Basercms baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows an attacker to execute arbitrary PHP code on the server via unspecified vectors. | 6.5 |