{"id":"GHSA-h4cc-fxpp-pgw9","summary":"baserCMS File Uploader Remote Code Execution (RCE) vulnerability","details":"### Impact\nThere is a Remote Code Execution (RCE) vulnerability in the file uploader of the baserCMS management system (CWE-434, unrestricted upload of a file with a dangerous type).\n\n### Target\nbaserCMS 4.7.3 and earlier versions\n\n### Patches\nUpdate to the latest version of baserCMS; this record lists 4.7.5 as the fixed version.\n\n### Credits\n島峰泰平＠三井物産セキュアディレクション株式会社\n","aliases":["CVE-2023-25654"],"modified":"2023-11-08T04:11:52.920516Z","published":"2023-03-23T20:00:08Z","database_specific":{"cwe_ids":["CWE-434"],"nvd_published_at":"2023-03-23T20:15:00Z","github_reviewed":true,"severity":"CRITICAL","github_reviewed_at":"2023-03-23T20:00:08Z"},"references":[{"type":"WEB","url":"https://github.com/baserproject/basercms/security/advisories/GHSA-h4cc-fxpp-pgw9"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25654"},{"type":"WEB","url":"https://github.com/baserproject/basercms/commit/002886be0998c74c386e04f0b43688a8a45d7a96"},{"type":"WEB","url":"https://github.com/baserproject/basercms/commit/08247f0a633d8e836ce2e5cd2d53aa19901a1359"},{"type":"WEB","url":"https://github.com/baserproject/basercms/commit/60f83054d8131b0ace60716cec7e629b5eb3a8f0"},{"type":"PACKAGE","url":"https://github.com/baserproject/basercms"},{"type":"WEB","url":"https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5"}],"affected":[{"package":{"name":"baserproject/basercms","ecosystem":"Packagist","purl":"pkg:composer/baserproject/basercms"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.7.5"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-h4cc-fxpp-pgw9/GHSA-h4cc-fxpp-pgw9.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}