CVE-2021-41279

Published: Nov 26, 2021Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

BaserCMS is an open source content management system with a focus on Japanese language support. In affected versions users with upload privilege may upload crafted zip files capable of path traversal on the host operating system. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible.

Affected (1)

Products: Basercms: Basercms

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Basercms Basercms	Before 4.5.4

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (4)

https://github.com/baserproject/basercms/commit/d8ab0a81a7bce35cc95ff7dff851a7e87a084336

Source: security-advisories@github.com

PatchThird Party Advisory

https://github.com/baserproject/basercms/security/advisories/GHSA-4x2f-54wr-4hjg

Source: security-advisories@github.com

Third Party Advisory

https://github.com/baserproject/basercms/commit/d8ab0a81a7bce35cc95ff7dff851a7e87a084336

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/baserproject/basercms/security/advisories/GHSA-4x2f-54wr-4hjg

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.