Disclosure Date 2020/08/28

CVE-2020-15159

Cross-site Scripting to Remote Code Execution in BaserCMS

baserCMS における XSS (クロスサイトスクリプティング)

Description

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). This may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file.The affected components are ThemeFilesController.php and UploaderFilesController.php. This is fixed in version 4.3.7.