CVE-2020-15277

moderate-risk
Published 2020-10-30

baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE). Code may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The Edit template component is vulnerable. The issue is fixed in version 4.4.1.

Do I need to act?

~
3.2% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.2/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Basercms

References (6)

Vendor Advisory https://basercms.net/security/20201029
Patch https://github.com/baserproject/basercms/commit/bb027c3967b0430adcff2d2fedbc23d3...
Patch https://github.com/baserproject/basercms/security/advisories/GHSA-6fmv-q269-55cw
Vendor Advisory https://basercms.net/security/20201029
Patch https://github.com/baserproject/basercms/commit/bb027c3967b0430adcff2d2fedbc23d3...
Patch https://github.com/baserproject/basercms/security/advisories/GHSA-6fmv-q269-55cw
37
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 6/34 · Minimal
Exposure 5/34 · Minimal