RSS   Podatności dla 'Basercms'   RSS

2015-10-05
 
CVE-2015-5641

 

 
SQL injection vulnerability in baserCMS before 3.0.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

 
 
CVE-2015-5640

 

 
baserCMS before 3.0.8 allows remote authenticated users to modify arbitrary user settings via a crafted request.

 
2012-05-15
 
CVE-2012-1248

CWE-264
 

 
app/config/core.php in baserCMS 1.6.15 and earlier does not properly handle installations in shared-hosting environments, which allows remote attackers to hijack sessions by leveraging administrative access to a different domain.

 
2011-10-01
 
CVE-2011-2674

 

 
BaserCMS before 1.6.12 does not properly restrict additions to the membership of the operators group, which allows remote authenticated users to gain privileges via unspecified vectors.

 
 
CVE-2011-2673

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in BaserCMS before 1.6.13.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

 


Copyright 2024, cxsecurity.com

 

Back to Top