Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
baserCMS: OS Command Injection in the baserCMS Update Functionality
Vulnerability Description
baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injection vulnerability in the update functionality. Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitrary OS commands on the server with the privileges of the user account running baserCMS. This issue has been patched in version 5.2.3.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
baserCMS 操作系统命令注入漏洞
Vulnerability Description
baserCMS是baserCMS团队的一套企业级内容管理系统(CMS)。 baserCMS 5.2.3之前版本存在操作系统命令注入漏洞,该漏洞源于更新功能存在OS命令注入,可能导致执行任意OS命令。
CVSS Information
N/A
Vulnerability Type
N/A