CVE-2015-5640: baserCMS Access Control Bypass

May 13, 2022 (updated August 1, 2023)

baserCMS before 3.0.8 allows remote authenticated users to modify arbitrary user settings via a crafted request.

References

basercms.net/security/JVN04855224
jvn.jp/en/jp/JVN04855224/index.html
jvndb.jvn.jp/jvndb/JVNDB-2015-000138
github.com/advisories/GHSA-v9gf-98vr-mgp2
nvd.nist.gov/vuln/detail/CVE-2015-5640

Detect and mitigate CVE-2015-5640 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →