Miggo Logo
Miggo Vulnerability Database
CVE-2018-0571

CVE-2018-0571:
baserCMS arbitrary file upload vulnerability

4.3

CVSS Score
3.0

Basic Information

CVE ID
CVE-2018-0571
GHSA ID
GHSA-3mcp-6rv6-c69g
EPSS Score
0.38616%
CWE
CWE-434
Published
5/14/2022
Updated
7/7/2023
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
baserproject/basercmscomposer>= 4.0.0, <= 4.1.0.14.1.1
baserproject/basercmscomposer<= 3.0.153.0.16

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

While exact function names aren't disclosed in available sources, the vulnerability description explicitly identifies the 'upload file management function' as the vulnerable component. In CMS architectures like baserCMS (CakePHP-based), file upload functionality is typically handled by a dedicated component or controller. The vulnerability pattern (CWE-434) strongly suggests insufficient file type validation in the upload handler. The confidence is high because: 1) Multiple sources explicitly reference the file management component 2) The attack vector matches classic unrestricted upload vulnerabilities 3) The required privilege level (site operator) aligns with backend file management functions.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

**s*r*MS (**s*r*MS *.*.*.* *n* **rli*r v*rsions, **s*r*MS *.*.** *n* **rli*r v*rsions) *llows r*mot* *tt**k*rs wit* * sit* op*r*tor privil*** to uplo** *r*itr*ry *il*s.

Reasoning

W*il* *x**t *un*tion n*m*s *r*n't *is*los** in *v*il**l* sour**s, t** vuln*r**ility **s*ription *xpli*itly i**nti*i*s t** 'uplo** *il* m*n***m*nt *un*tion' *s t** vuln*r**l* *ompon*nt. In *MS *r**it**tur*s lik* **s*r*MS (**k*P*P-**s**), *il* uplo** *