CVE-2020-15159
Cross-site Scripting to Remote Code Execution in baserCMS (XSS (cross-site scripting) in baserCMS)
baserCMS 4.3.6 and earlier is affected by Cross-Site Scripting (XSS) and Remote Code Execution (RCE). The attack may be carried out by logging in as a system administrator and uploading an executable script file such as a PHP file. The affected components are ThemeFilesController.php and UploaderFilesController.php. This is fixed in version 4.3.7.
Disclosure Date
2020/08/28
Credit
stypr (@stereotype32)
Affected-Versions
baserCMS: v4.0.0 to v4.3.6
CWE
- CWE-79