PT-2021-14141 · Basercms · Basercms

Sho Odagiri · Published 2021-03-26 · Updated 2021-06-08 · CVE-2021-20682

CVSS v2.0: 9.0 High
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: baserCMS versions prior to 4.4.5
Description: The issue allows a remote attacker with administrative privileges to execute arbitrary OS commands. This can be achieved via unspecified vectors or the upload of malicious plugins.
Recommendations: For baserCMS versions prior to 4.4.5, update to version 4.4.5 or later to resolve the issue. As a temporary workaround, consider restricting the upload of plugins and limiting administrative access to trusted users until the update can be applied.

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2021-20682
GHSA-G39Q-F4RM-85X4

Affected Products

Basercms