5.3

CVSS Score

3.0

-

CVSS Score

Basic Information

CVE ID

CVE-2018-0575

GHSA ID

GHSA-w935-p7mg-xc96

EPSS Score

0.38909%

CWE

CWE-200

Published

5/14/2022

Updated

10/6/2023

KEV Status

Technology

PHP

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2018-0575

CVE-2018-0575: Sensitive Data Exposure in baserCMS

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2018-0575

CVE-2018-0575:

5.3

CVSS Score

3.0

-

CVSS Score

Basic Information

CVE ID

CVE-2018-0575

GHSA ID

GHSA-w935-p7mg-xc96

EPSS Score

0.38909%

CWE

CWE-200

Published

5/14/2022

Updated

10/6/2023

KEV Status

Technology

PHP

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
baserproject/basercms	composer	>= 4.0.0, <= 4.1.0.1
baserproject/basercms	composer	<= 3.0.15

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability explicitly involves bypassing access controls in the mail form's file attachment functionality. The description indicates attackers can view uploaded files via unspecified vectors, which implies a missing authorization check in the file retrieval mechanism. In CMS architectures, file access is typically handled by controller actions. The MailFilesController::view action (or equivalent) would be responsible for serving uploaded mail attachments. The lack of proper access control in this function allows unauthenticated users to access files by directly invoking the endpoint with a known file identifier. This matches the CWE-200 pattern of exposing sensitive data through missing authorization checks.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

5.3

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2018-0575: Sensitive Data Exposure in baserCMS

CVE-2018-0575:

5.3

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

CVE-2018-0575: Sensitive Data Exposure in baserCMS

5.3

5.3

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI