5.3

CVSS Score

3.0

Basic Information

CVE ID

CVE-2023-43792

GHSA ID

GHSA-vrm6-c878-fpq6

EPSS Score

0.56081%

CWE

CWE-94

Published

10/26/2023

Updated

11/8/2023

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-43792

CVE-2023-43792: baserCMS Code Injection Vulnerability in Mail Form Feature

There is a Code Injection Vulnerability in Mail Form to baserCMS.

Target

baserCMS 4.7.6 and earlier versions

Vulnerability

Malicious code may be executed in Mail Form Feature.

Countermeasures

Update to the latest version of baserCMS

Please refer to the following page to reference for more information. https://basercms.net/security/JVN_45547161

Credits

Shiga Takuma@BroadBand Security, Inc

(GitHub Advisory)

5.3

CVSS Score

3.0

Basic Information

CVE ID

CVE-2023-43792

GHSA ID

GHSA-vrm6-c878-fpq6

EPSS Score

0.56081%

CWE

CWE-94

Published

10/26/2023

Updated

11/8/2023

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
baserproject/basercms	composer	>= 4.6.0, <= 4.7.6

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

T**r* is * *o** Inj**tion Vuln*r**ility in M*il *orm to **s*r*MS. ### T*r**t **s*r*MS *.*.* *n* **rli*r v*rsions ### Vuln*r**ility M*li*ious *o** m*y ** *x**ut** in M*il *orm ***tur*. ### *ount*rm**sur*s Up**t* to t** l*t*st v*rsion o* **s*r*MS P

Reasoning

No *n*lysis *v*il**l*

5.3

Basic Information

Concerned about an active attack path?

CVE-2023-43792: baserCMS Code Injection Vulnerability in Mail Form Feature

Target

Vulnerability

Countermeasures

Credits

5.3

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI