PT-2021-23208 · Basercms · Basercms

Akagi Yusuke

·

Published

2021-11-26

·

Updated

2021-12-01

·

CVE-2021-41243

CVSS v3.1

9.1

Critical

Vector AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions: baserCMS versions 4.5.3 and earlier

Description: The management system of baserCMS has a potential Zip Slip vulnerability and an OS command injection vulnerability. A user with permission to upload files can upload a crafted zip archive whose extraction leads to arbitrary command execution on the host operating system. This issue needs to be addressed when the management system is used by an unspecified number of users.

Recommendations: Update to the latest version of baserCMS. As a temporary workaround, restrict file upload permissions to minimize the risk of exploitation, and avoid using the file upload feature until the update is applied.
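The Zip Slip half of this issue is an archive member name such as `../../x` or `/etc/x` being joined onto the extraction directory. The following is an added example, not code from baserCMS, showing the check an upload handler should run before extracting: every member is resolved against the destination and the whole archive is rejected if any member escapes it (the destination path and the sample archive are constructed for illustration).

```python
import io
import posixpath
import zipfile

UPLOAD_ROOT = "/var/www/uploads"  # assumed destination; not baserCMS's real path


def unsafe_entries(zip_bytes: bytes, dest: str = UPLOAD_ROOT) -> list:
    """Return member names that would be written outside `dest` on extraction.

    Zip Slip works because a naive extractor joins an attacker-chosen member
    name ('../../tmp/x', '/etc/x') onto the destination directory. Resolving
    each name against `dest` and comparing the common prefix catches both the
    relative-traversal and the absolute-path variants.
    """
    dest_root = posixpath.normpath(dest)
    escaping = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename.replace("\\", "/")  # Windows-style separators
            target = posixpath.normpath(posixpath.join(dest_root, name))
            if posixpath.commonpath([dest_root, target]) != dest_root:
                escaping.append(info.filename)
    return escaping


def extract_if_safe(zip_bytes: bytes, dest: str = UPLOAD_ROOT) -> list:
    """Reject the whole upload if any member escapes; never extract partially."""
    escaping = unsafe_entries(zip_bytes, dest)
    if escaping:
        raise ValueError(f"archive rejected, members escape {dest}: {escaping}")
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        zf.extractall(dest)
        return zf.namelist()


def build_sample_zip(malicious: bool = True) -> bytes:
    """Constructed sample: a theme-like archive, optionally with Zip Slip entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("theme/config.php", "<?php // benign theme file\n")
        zf.writestr("theme/css/style.css", "body {}\n")
        if malicious:
            # One relative-traversal and one absolute member, both aimed outside dest.
            zf.writestr("../../../../tmp/outside.txt", "planted outside the upload root\n")
            zf.writestr("/tmp/absolute.txt", "planted via an absolute member name\n")
    return buf.getvalue()


if __name__ == "__main__":
    print(unsafe_entries(build_sample_zip()))
```

Checking before extraction (rather than relying on the extractor to rewrite names) lets the upload be refused and logged as a whole, which is the signal a defender wants from an admin-panel upload.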

Fix

OS Command Injection


Weakness Enumeration

Related Identifiers

CVE-2021-41243
GHSA-7RPC-9M88-CF9W

Affected Products

Basercms