Vulnerability-Lookup

CVE-2018-0569 (GCVE-0-2018-0569)

Vulnerability from cvelistv5 – Published: 2018-06-26 14:00 – Updated: 2024-08-05 03:28

Summary

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors.

Severity

No CVSS data available.

CWE

OS Command Injection

Assigner

jpcert

References

2 references

URL	Tags
https://basercms.net/security/JVN67881316	x_refsource_MISC
http://jvn.jp/en/jp/JVN67881316/index.html	third-party-advisoryx_refsource_JVN

Impacted products

1 product

Vendor	Product	Version
baserCMS Users Community	baserCMS	Affected: (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)

Date Public

2018-06-26 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:28:11.186Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://basercms.net/security/JVN67881316"
          },
          {
            "name": "JVN#67881316",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN67881316/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "baserCMS",
          "vendor": "baserCMS Users Community",
          "versions": [
            {
              "status": "affected",
              "version": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
            }
          ]
        }
      ],
      "datePublic": "2018-06-26T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "OS Command Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-26T13:57:01.000Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://basercms.net/security/JVN67881316"
        },
        {
          "name": "JVN#67881316",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN67881316/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-0569",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "baserCMS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "baserCMS Users Community"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "OS Command Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://basercms.net/security/JVN67881316",
              "refsource": "MISC",
              "url": "https://basercms.net/security/JVN67881316"
            },
            {
              "name": "JVN#67881316",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN67881316/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2018-0569",
    "datePublished": "2018-06-26T14:00:00.000Z",
    "dateReserved": "2017-11-27T00:00:00.000Z",
    "dateUpdated": "2024-08-05T03:28:11.186Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2018-0569",
      "date": "2026-05-29",
      "epss": "0.01",
      "percentile": "0.77289"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.0.0\", \"versionEndIncluding\": \"3.0.15\", \"matchCriteriaId\": \"34D38D8D-C2EB-4556-8F63-958AE12A81CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*\", \"versionStartExcluding\": \"4.0.0\", \"versionEndIncluding\": \"4.1.0.1\", \"matchCriteriaId\": \"7E5C1217-EFE4-468D-BD83-B4812C3ADA00\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"baserCMS (baserCMS 4.1.0.1 y7 anteriores y baserCMS 3.0.15 y anteriores) permite que los atacantes remotos autenticados ejecuten comandos de sistema operativo arbitrarios mediante vectores sin especificar.\"}]",
      "id": "CVE-2018-0569",
      "lastModified": "2024-11-21T03:38:29.913",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-06-26T14:29:00.787",
      "references": "[{\"url\": \"http://jvn.jp/en/jp/JVN67881316/index.html\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://basercms.net/security/JVN67881316\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://jvn.jp/en/jp/JVN67881316/index.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://basercms.net/security/JVN67881316\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "vultures@jpcert.or.jp",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-0569\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2018-06-26T14:29:00.787\",\"lastModified\":\"2024-11-21T03:38:29.913\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"baserCMS (baserCMS 4.1.0.1 y7 anteriores y baserCMS 3.0.15 y anteriores) permite que los atacantes remotos autenticados ejecuten comandos de sistema operativo arbitrarios mediante vectores sin especificar.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndIncluding\":\"3.0.15\",\"matchCriteriaId\":\"34D38D8D-C2EB-4556-8F63-958AE12A81CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*\",\"versionStartExcluding\":\"4.0.0\",\"versionEndIncluding\":\"4.1.0.1\",\"matchCriteriaId\":\"7E5C1217-EFE4-468D-BD83-B4812C3ADA00\"}]}]}],\"references\":[{\"url\":\"http://jvn.jp/en/jp/JVN67881316/index.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://basercms.net/security/JVN67881316\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://jvn.jp/en/jp/JVN67881316/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://basercms.net/security/JVN67881316\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CNVD-2018-15407

Vulnerability from cnvd - Published: 2018-08-15

Title

BaserCMS命令注入漏洞

Description

baserCMS是一套企业级内容管理系统（CMS）。 baserCMS 4.1.0.1及之前版本和3.0.15及之前版本中存在安全漏洞。远程攻击者可利用该漏洞执行任意的操作系统命令。

Severity

高

Patch Name

BaserCMS命令注入漏洞的补丁

Patch Description

baserCMS是一套企业级内容管理系统（CMS）。 baserCMS 4.1.0.1及之前版本和3.0.15及之前版本中存在安全漏洞。远程攻击者可利用该漏洞执行任意的操作系统命令。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布漏洞修复程序，请及时关注更新： http://jvn.jp/en/jp/JVN67881316/index.html

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-0569

Impacted products

Name
['BaserCMS BaserCMS <=4.1.0.1', 'BaserCMS BaserCMS <=3.0.15']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-0569"
    }
  },
  "description": "baserCMS\u662f\u4e00\u5957\u4f01\u4e1a\u7ea7\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\uff08CMS\uff09\u3002\r\n\r\nbaserCMS 4.1.0.1\u53ca\u4e4b\u524d\u7248\u672c\u548c3.0.15\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u7684\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u3002",
  "discovererName": "Unknow",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://jvn.jp/en/jp/JVN67881316/index.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-15407",
  "openTime": "2018-08-15",
  "patchDescription": "baserCMS\u662f\u4e00\u5957\u4f01\u4e1a\u7ea7\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\uff08CMS\uff09\u3002\r\n\r\nbaserCMS 4.1.0.1\u53ca\u4e4b\u524d\u7248\u672c\u548c3.0.15\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u7684\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "BaserCMS\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "BaserCMS BaserCMS \u003c=4.1.0.1",
      "BaserCMS BaserCMS \u003c=3.0.15"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-0569",
  "serverity": "\u9ad8",
  "submitTime": "2018-05-22",
  "title": "BaserCMS\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

FKIE_CVE-2018-0569

Vulnerability from fkie_nvd - Published: 2018-06-26 14:29 - Updated: 2024-11-21 03:38

Severity

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors.

References

URL	Tags
vultures@jpcert.or.jp	http://jvn.jp/en/jp/JVN67881316/index.html	Third Party Advisory
vultures@jpcert.or.jp	https://basercms.net/security/JVN67881316	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN67881316/index.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://basercms.net/security/JVN67881316	Vendor Advisory

Impacted products

	Vendor	Product	Version
	basercms	basercms	*
	basercms	basercms	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "34D38D8D-C2EB-4556-8F63-958AE12A81CE",
              "versionEndIncluding": "3.0.15",
              "versionStartIncluding": "3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E5C1217-EFE4-468D-BD83-B4812C3ADA00",
              "versionEndIncluding": "4.1.0.1",
              "versionStartExcluding": "4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "baserCMS (baserCMS 4.1.0.1 y7 anteriores y baserCMS 3.0.15 y anteriores) permite que los atacantes remotos autenticados ejecuten comandos de sistema operativo arbitrarios mediante vectores sin especificar."
    }
  ],
  "id": "CVE-2018-0569",
  "lastModified": "2024-11-21T03:38:29.913",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-06-26T14:29:00.787",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN67881316/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://basercms.net/security/JVN67881316"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN67881316/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://basercms.net/security/JVN67881316"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-6J3P-VRPH-J7QQ

Vulnerability from github – Published: 2022-05-14 03:06 – Updated: 2023-10-06 16:48

Summary

OS Command Injection in baserCMS

Details

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors.

Severity

8.8 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "baserproject/basercms"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0"
            },
            {
              "last_affected": "4.1.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "baserproject/basercms"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "3.0.15"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-0569"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-07T00:13:09Z",
    "nvd_published_at": "2018-06-26T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors.",
  "id": "GHSA-6j3p-vrph-j7qq",
  "modified": "2023-10-06T16:48:31Z",
  "published": "2022-05-14T03:06:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0569"
    },
    {
      "type": "WEB",
      "url": "https://basercms.net/security/JVN67881316"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/baserproject/basercms"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN67881316/index.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "OS Command Injection in baserCMS"
}

GSD-2018-0569

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors.

Aliases

CVE-2018-0569

Aliases

CVE-2018-0569

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-0569",
    "description": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors.",
    "id": "GSD-2018-0569"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-0569"
      ],
      "details": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors.",
      "id": "GSD-2018-0569",
      "modified": "2023-12-13T01:22:24.812638Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2018-0569",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "baserCMS",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "baserCMS Users Community"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "OS Command Injection"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://basercms.net/security/JVN67881316",
            "refsource": "MISC",
            "url": "https://basercms.net/security/JVN67881316"
          },
          {
            "name": "JVN#67881316",
            "refsource": "JVN",
            "url": "http://jvn.jp/en/jp/JVN67881316/index.html"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=3.0.0,\u003c=3.0.15||\u003e4.0.0,\u003c=4.1.0.1",
          "affected_versions": "All versions starting from 3.0.0 up to 3.0.15, all versions after 4.0.0 up to 4.1.0.1",
          "cvss_v2": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-78",
            "CWE-937"
          ],
          "date": "2018-08-21",
          "description": "baserCMS allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors.",
          "fixed_versions": [
            "4.1.1"
          ],
          "identifier": "CVE-2018-0569",
          "identifiers": [
            "CVE-2018-0569"
          ],
          "not_impacted": "Upgrade to version 4.1.1 or above.",
          "package_slug": "packagist/baserproject/basercms",
          "pubdate": "2018-06-26",
          "solution": "Unfortunately, there is no solution available yet.",
          "title": "OS Command Injection",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2018-0569",
            "https://basercms.net/security/JVN67881316"
          ],
          "uuid": "b0229147-e55c-49ce-a216-723cc02a72f7"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.0.15",
                "versionStartIncluding": "3.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.1.0.1",
                "versionStartExcluding": "4.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-0569"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://basercms.net/security/JVN67881316",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://basercms.net/security/JVN67881316"
            },
            {
              "name": "JVN#67881316",
              "refsource": "JVN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://jvn.jp/en/jp/JVN67881316/index.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2018-08-21T12:36Z",
      "publishedDate": "2018-06-26T14:29Z"
    }
  }
}

JVNDB-2018-000055

Vulnerability from jvndb - Published: 2018-05-22 14:53 - Updated:2019-12-27 18:10

Severity

6.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Summary

Multiple vulnerabilities in baserCMS

Details

baserCMS provided by baserCMS Users Community is an opensource content management system. baserCMS contains multiple vulnerabilities listed below. *Command injection (CWE-94) - CVE-2018-0569 *Cross-site scripting (CWE-79) - CVE-2018-0570 *Unrestricted Upload of File with Dangerous Type in upload file management function (CWE-434) - CVE-2018-0571 *Restrict access permissions failure in contents management function (CWE-264) - CVE-2018-0572 *Restrict access permissions failture for a content with a period being public is expired (CWE-264) - CVE-2018-0573 *Cross-site scripting in theme management function (CWE-79) - CVE-2018-0574 *Restrict access permissions failure in the function to attach files in mail form (CWE-264) - CVE-2018-0575 Following researchers reported respective vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning partnership. CVE-2018-0569, CVE-2018-0570, CVE-2018-0571, CVE-2018-0572, and CVE-2018-0573 Toshitsugu Yoneyama and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. CVE-2018-0574 and CVE-2018-0575 Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN67881316/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0569
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0570
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0571
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0572
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0573
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0574
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0575
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0569
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0570
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0571
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0572
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0573
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0574
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0575
	Permissions(CWE-264)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Code Injection(CWE-94)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

baserCMS Users Community

baserCMS

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000055.html",
  "dc:date": "2019-12-27T18:10+09:00",
  "dcterms:issued": "2018-05-22T14:53+09:00",
  "dcterms:modified": "2019-12-27T18:10+09:00",
  "description": "baserCMS provided by baserCMS Users Community is an opensource content management system. baserCMS contains multiple vulnerabilities listed below. \r\n\r\n*Command injection (CWE-94) - CVE-2018-0569 \r\n*Cross-site scripting (CWE-79) - CVE-2018-0570 \r\n*Unrestricted Upload of File with Dangerous Type in upload file management function (CWE-434) - CVE-2018-0571 \r\n*Restrict access permissions failure in contents management function (CWE-264) - CVE-2018-0572 \r\n*Restrict access permissions failture for a content with a period being public is expired (CWE-264) - CVE-2018-0573 \r\n*Cross-site scripting in theme management function (CWE-79) - CVE-2018-0574 \r\n*Restrict access permissions failure in the function to attach files in mail form (CWE-264) - CVE-2018-0575 \r\n\r\nFollowing researchers reported respective vulnerabilities to IPA.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning partnership.\r\n\r\n CVE-2018-0569, CVE-2018-0570, CVE-2018-0571, CVE-2018-0572, and CVE-2018-0573\r\n Toshitsugu Yoneyama and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc.\r\n\r\n CVE-2018-0574 and CVE-2018-0575\r\n Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc.",
  "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000055.html",
  "sec:cpe": {
    "#text": "cpe:/a:basercms:basercms",
    "@product": "baserCMS",
    "@vendor": "baserCMS Users Community",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "6.5",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "6.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2018-000055",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN67881316/index.html",
      "@id": "JVN#67881316",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0569",
      "@id": "CVE-2018-0569",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0570",
      "@id": "CVE-2018-0570",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0571",
      "@id": "CVE-2018-0571",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0572",
      "@id": "CVE-2018-0572",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0573",
      "@id": "CVE-2018-0573",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0574",
      "@id": "CVE-2018-0574",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0575",
      "@id": "CVE-2018-0575",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0569",
      "@id": "CVE-2018-0569",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0570",
      "@id": "CVE-2018-0570",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0571",
      "@id": "CVE-2018-0571",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0572",
      "@id": "CVE-2018-0572",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0573",
      "@id": "CVE-2018-0573",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0574",
      "@id": "CVE-2018-0574",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0575",
      "@id": "CVE-2018-0575",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-94",
      "@title": "Code Injection(CWE-94)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple vulnerabilities in baserCMS"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-0569 (GCVE-0-2018-0569)

CNVD-2018-15407

FKIE_CVE-2018-0569

GHSA-6J3P-VRPH-J7QQ

GSD-2018-0569

JVNDB-2018-000055

Tags

Sightings

Nomenclature