Identifier

CVE-2020-15159

Package Slug

packagist/baserproject/basercms

Vulnerability

Cross-site Scripting

Description

baserCMS is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). This may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The affected components are ThemeFilesController.php and UploaderFilesController.php.

Affected Versions

All versions up to 4.3.6

Solution

Upgrade to version 4.3.7 or above.

Last Modified

2020-09-04

source