PT-2021-23238 · Basercms · Basercms

Daniele Scanu

Published

2021-11-26

Updated

2021-12-01

CVE-2021-41279

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions baserCMS versions 4.5.3 and earlier

Description The issue affects baserCMS, an open source content management system with a focus on Japanese language support. Users with upload privilege may upload crafted zip files capable of path traversal on the host operating system. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users.

Recommendations For baserCMS versions 4.5.3 and earlier, update to the latest version of baserCMS as soon as possible. As a temporary workaround, consider restricting upload privileges to minimize the risk of exploitation.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2021-41279

GHSA-4X2F-54WR-4HJG

Affected Products

Basercms

PT-2021-23238 · Basercms · Basercms

CVE-2021-41279

Weakness Enumeration

Related Identifiers

Affected Products

References · 7