JVN#45547161: Multiple vulnerabilities in baserCMS

Overview

baserCMS provided by baserCMS Users Community contains multiple vulnerabilities.

Products Affected

CVE-2023-29009, CVE-2023-43647, CVE-2023-43648, CVE-2023-43649

baserCMS 4.7.8 and earlier

CVE-2023-43792

baserCMS 4.6.0 to 4.7.6

Description

baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below.

Stored cross-site scripting vulnerability (CWE-79) - CVE-2023-29009

CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score: 5.4

CVSS v2 AV:N/AC:M/Au:S/C:N/I:P/A:N Base Score: 3.5
Reflected cross-site scripting vulnerability (CWE-79) - CVE-2023-43647

CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score: 6.1

CVSS v2 AV:N/AC:H/Au:N/C:N/I:P/A:N Base Score: 2.6
Directory traversal vulnerability (CWE-22) - CVE-2023-43648

CVSS v3 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Base Score: 4.9

CVSS v2 AV:N/AC:L/Au:S/C:P/I:N/A:N Base Score: 4.0
Cross-site request forgery vulnerability (CWE-352) - CVE-2023-43649

CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Base Score: 6.3

CVSS v2 AV:N/AC:M/Au:N/C:P/I:P/A:P Base Score: 6.8
Arbitrary file upload vulnerability (CWE-434) - CVE-2023-43792

CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score: 5.3

CVSS v2 AV:N/AC:L/Au:N/C:N/I:P/A:N Base Score: 5.0

Impact

An arbitrary script may be executed on the web browser of the user who is accessing the administrative page of the product - CVE-2023-29009, CVE-2023-43647
A user who is accessing the administrative page of the product may obtain arbitrary files on the product - CVE-2023-43648
If a user views a malicious page while logging in the administrative page of the product, arbitrary code may be executed on the server - CVE-2023-43649
A remote attacker may upload an arbitrary file to the product - CVE-2023-43792

Solution

Update the Software
Update the software to the latest version according to the information provided by the developer.
The developer has released the following versions that contain fixes for the vulnerabilities.

CVE-2023-29009, CVE-2023-43647, CVE-2023-43648, CVE-2023-43649

baserCMS 4.8.0

CVE-2023-43792

baserCMS 4.7.7

Vendor Status

Vendor	Status	Last Update	Vendor Notes
baserCMS Users Community	Vulnerable	2023/10/27	baserCMS Users Community website

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

CVE-2023-29009
Kyohei Ota reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2023-43647, CVE-2023-43648, CVE-2023-43649, CVE-2023-43792
Shiga Takuma of BroadBand Security, Inc reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE	CVE-2023-29009
	CVE-2023-43647
	CVE-2023-43648
	CVE-2023-43649
	CVE-2023-43792
JVN iPedia	JVNDB-2023-000106

CVSS v3	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	Base Score: 5.4
CVSS v2	AV:N/AC:M/Au:S/C:N/I:P/A:N	Base Score: 3.5

CVSS v3	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	Base Score: 6.1
CVSS v2	AV:N/AC:H/Au:N/C:N/I:P/A:N	Base Score: 2.6

CVSS v3	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	Base Score: 4.9
CVSS v2	AV:N/AC:L/Au:S/C:P/I:N/A:N	Base Score: 4.0

CVSS v3	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L	Base Score: 6.3
CVSS v2	AV:N/AC:M/Au:N/C:P/I:P/A:P	Base Score: 6.8

CVSS v3	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	Base Score: 5.3
CVSS v2	AV:N/AC:L/Au:N/C:N/I:P/A:N	Base Score: 5.0

JVN#45547161 Multiple vulnerabilities in baserCMS