
CVE-2020-15159: Cross Site Scripting and RCE in baserCMS

CVSS Score (v3.1): 7.7

Basic Information

EPSS Score: 0.80887%
Published: 8/28/2020
Updated: 1/9/2023
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Package Name | Ecosystem | Vulnerable Versions | First Patched Version
baserproject/basercms | composer | >= 4.0.0, <= 4.3.6 | 4.3.7

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The RCE vulnerability stems from the UploaderFile model's validation logic, which did not restrict file uploads for admin users: a logged-in administrator (PR:H in the vector above) could upload a file with an arbitrary extension such as .php and then have it executed by the web server. The XSS occurs in ThemeFilesController's views, which output the $currentPath variable without escaping. The fix commit confirms both root causes: it wraps the output as h($currentPath) in the views and introduces an allowedAdmin configuration so that extension validation is enforced for administrators as well.
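The two patterns described above, as an added example that is not baserCMS code: a simplified upload check in its vulnerable form (administrators bypass validation) beside a hardened form (the allowlist applies to every role, and the allowedAdmin key is assumed here to mean "extra extensions admins may upload", never "skip validation"), plus the unescaped and escaped renderings of $currentPath. Function names, the allowlist contents and the sample file names are assumptions constructed for the example.

```php
<?php
// Illustrative re-creation of CVE-2020-15159's two root causes. Not baserCMS
// source; all names and the 'allowedAdmin' semantics are assumptions.
declare(strict_types=1);

/** Constructed allowlist of extensions the application is willing to store. */
const UPLOAD_ALLOWLIST = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'zip'];

/** Extensions a PHP-enabled web server may execute; never accepted. */
const EXECUTABLE_EXTS = ['php', 'phtml', 'phar', 'php3', 'php4', 'php5', 'php7', 'phps'];

/**
 * Vulnerable pattern: validation is skipped entirely for administrators,
 * so an admin session can store shell.php next to the images.
 */
function isUploadAllowedVulnerable(string $filename, bool $isAdmin): bool
{
    if ($isAdmin) {
        return true;                       // no check at all for admins
    }
    return extensionAllowed($filename, UPLOAD_ALLOWLIST);
}

/**
 * Hardened pattern: the allowlist applies to everyone. The optional
 * 'allowedAdmin' config entry (assumed meaning) only widens the allowlist
 * for administrators, and executable types are stripped from it again.
 */
function isUploadAllowedFixed(string $filename, bool $isAdmin, array $config = []): bool
{
    $allowed = UPLOAD_ALLOWLIST;
    if ($isAdmin && !empty($config['allowedAdmin'])) {
        $allowed = array_merge($allowed, $config['allowedAdmin']);
    }
    $allowed = array_values(array_diff($allowed, EXECUTABLE_EXTS));
    return extensionAllowed($filename, $allowed);
}

/** Case-insensitive extension check on the basename, with a double-extension guard. */
function extensionAllowed(string $filename, array $allowed): bool
{
    $segments = explode('.', strtolower(basename($filename)));
    // Require "name.ext" with a non-empty name: rejects "", "noext", ".htaccess".
    if (count($segments) < 2 || $segments[0] === '') {
        return false;
    }
    if (!in_array(end($segments), $allowed, true)) {
        return false;
    }
    // "shell.php.jpg" passes the last-extension test, but some Apache
    // AddHandler setups still execute it as PHP, so inner segments are checked.
    foreach (array_slice($segments, 1, -1) as $inner) {
        if (in_array($inner, EXECUTABLE_EXTS, true)) {
            return false;
        }
    }
    return true;
}

/** Vulnerable view fragment: $currentPath is echoed raw into an attribute. */
function renderCurrentPathVulnerable(string $currentPath): string
{
    return '<input type="hidden" name="current_path" value="' . $currentPath . '">';
}

/** Same escaping as CakePHP's h(): htmlspecialchars() with ENT_QUOTES. */
function hEscape(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Fixed view fragment: the value cannot break out of the attribute. */
function renderCurrentPathFixed(string $currentPath): string
{
    return '<input type="hidden" name="current_path" value="' . hEscape($currentPath) . '">';
}

// Constructed inputs for a stand-alone run (php example.php), as an admin.
$isAdmin = true;
foreach (['avatar.png', 'shell.php', 'shell.php.jpg', '.htaccess', 'My.Photo.JPG'] as $name) {
    printf("%-14s vulnerable=%-5s fixed=%s\n", $name,
        var_export(isUploadAllowedVulnerable($name, $isAdmin), true),
        var_export(isUploadAllowedFixed($name, $isAdmin, ['allowedAdmin' => ['csv']]), true));
}

// Constructed XSS payload of the kind an unescaped $currentPath would carry.
$payload = '"><script>alert(1)</script>';
echo renderCurrentPathVulnerable($payload), "\n";   // attribute is broken open
echo renderCurrentPathFixed($payload), "\n";        // quotes and angle brackets are entity-encoded
```

With the admin flag set, the vulnerable check accepts every name in the list, while the hardened check accepts only avatar.png and My.Photo.JPG; shell.php.jpg is refused because of the inner php segment even though its last extension is on the allowlist. The escaping helper is kept separate from the upload logic on purpose: the XSS and the RCE are independent bugs in the advisory, and each needs its own fix.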


WAF Protection Rules

WAF Rule

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE).
* Impact: XSS to RCE via arbitrary file upload.
* Attack vector is: Administrator must be logged in.
* Components are: ThemeFilesController.php, Up
