CVE-2023-51450

low-risk
Published 2024-02-22

baserCMS is a website development framework. Prior to version 5.0.9, there is an OS Command Injection vulnerability in the site search feature of baserCMS. Version 5.0.9 contains a fix for this vulnerability.

Do I need to act?

-
0.76% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.6/10 Medium
NETWORK / HIGH complexity

Affected Products (1)

Affected Vendors

Basercms

References (6)

Broken Link https://basercms.net/security/JVN_09767360
Patch https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e6...
Vendor Advisory https://github.com/baserproject/basercms/security/advisories/GHSA-77fc-4cv5-hmfr
Broken Link https://basercms.net/security/JVN_09767360
Patch https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e6...
Vendor Advisory https://github.com/baserproject/basercms/security/advisories/GHSA-77fc-4cv5-hmfr
26
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 3/34 · Minimal
Exposure 5/34 · Minimal