CVE-2015-5640: baserCMS Access Control Bypass

Basic Information

Field | Value |
---|---|
CVSS Score | N/A |
CVE ID | CVE-2015-5640 |
GHSA ID | |
EPSS Score | 0.62363% |
CWE | - |
Published | 5/13/2022 |
Updated | 8/1/2023 |
KEV Status | No |
Technology | PHP |

Technical Details

Field | Value |
---|---|
CVSS Vector | - |
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
baserproject/basercms | composer | <= 3.0.7 | 3.0.8 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability description indicates improper access control in user settings modification. In MVC frameworks like baserCMS, user management typically resides in UsersController, whose admin_edit action would handle user profile updates. The vulnerability suggests this endpoint did not properly verify that the authenticated user had rights to modify the target user ID (likely passed via request parameters), enabling ID manipulation attacks. The CWE-264 classification and the 'crafted request' reference support this pattern. While the exact code is not available, this matches common access control flaws in CMS user management components.