Miggo Logo
Miggo Vulnerability Database
CVE-2017-10842

CVE-2017-10842: baserCMS SQL Injection vulnerability

9.8

CVSS Score
3.0

Basic Information

CVE ID
CVE-2017-10842
GHSA ID
GHSA-jc94-wp59-pq4f
EPSS Score
0.70478%
CWE
CWE-89
Published
5/14/2022
Updated
7/7/2023
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
baserproject/basercmscomposer<= 3.0.143.0.15
baserproject/basercmscomposer>= 4.0.0, <= 4.0.54.0.6

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability description explicitly links the SQL injection to the site's internal search functionality. In baserCMS, the SearchIndex model is central to search operations. The lack of input sanitization in this component would directly enable SQL injection, as user-controlled input (e.g., search terms) is incorporated into SQL queries without proper escaping or parameterization. This aligns with the CWE-89 classification and the attack vector described in the advisories.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

SQL inj**tion vuln*r**ility in t** **s*r*MS *.*.** *n* **rli*r, *.*.* *n* **rli*r *llows r*mot* *tt**k*rs to *x**ut* *r*itr*ry SQL *omm*n*s vi* unsp**i*i** v**tors.

Reasoning

T** vuln*r**ility **s*ription *xpli*itly links t** SQL inj**tion to t** sit*'s int*rn*l s**r** *un*tion*lity. In **s*r*MS, t** S**r**In**x mo**l is **ntr*l to s**r** op*r*tions. T** l**k o* input s*nitiz*tion in t*is *ompon*nt woul* *ir**tly *n**l* S