CyberSec.Space Logo
CVEブラウザに戻る

CVE-2021-41243

CRITICAL
9.1
CVSS Severity Score
EPSS Score0.1900%
EPSS Percentile41.40th
Published2021年11月26日
Last Modified2024年11月21日

Vulnerability Description

There is a Potential Zip Slip Vulnerability and OS Command Injection Vulnerability on the management system of baserCMS. Users with permissions to upload files may upload crafted zip files which may execute arbitrary commands on the host operating system. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible.

Affected Platforms (CPE)

📦
Basercms

Basercms

< 4.5.4

References & Advisories

🔗 https://github.com/baserproject/basercms/commit/9088b99c329d1faff3a2f1269f37b9a9d8d5f6ff
🔗 https://github.com/baserproject/basercms/security/advisories/GHSA-7rpc-9m88-cf9w
🔗 https://github.com/baserproject/basercms/commit/9088b99c329d1faff3a2f1269f37b9a9d8d5f6ff
🔗 https://github.com/baserproject/basercms/security/advisories/GHSA-7rpc-9m88-cf9w

関連する脆弱性情報

CVE-2017-108429.8

SQL injection vulnerability in the baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to execute arbitrary SQL...

CVE-2016-11708.8

Cross-site request forgery (CSRF) vulnerability in the Casebook plugin before 0.9.4 for baserCMS allows remote attackers to hijack...

CVE-2016-11728.8

Cross-site request forgery (CSRF) vulnerability in the Recruit plugin before 0.9.3 for baserCMS allows remote attackers to hijack ...

CVE-2016-11748.8

Cross-site request forgery (CSRF) vulnerability in the Menubook plugin before 0.9.3 for baserCMS allows remote attackers to hijack...