JVNDB-2015-000139
|
baserCMS vulnerable to SQL injection
|
baserCMS contains an SQL injection vulnerability.
baserCMS is an open-source Content Management System (CMS). baserCMS contains a vulnerability that allows an authenticated user to inject arbitrary SQL statements (CWE-89).
Shoji Baba reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.
|
CVSS V2 Severity: Base Metrics 6.5 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Low
- Authentication: Single Instance
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: Partial
|
|
baserCMS Users Community
- baserCMS 3.0.7 and earlier
|
|
A logged-in attacker may execute arbitrary SQL statements.
|
[Update the Software]
Update to the latest version according to the information provided by the developer.
[Apply the Patch]
Patches for versions 3.0.0 through 3.0.7 have been released. For more information, refer to "How to Apply the Patches".
|
baserCMS Users Community
|
- SQL Injection(CWE-89) [IPA Evaluation]
|
- CVE-2015-5641
|
- JVN : JVN#79633796
- National Vulnerability Database (NVD) : CVE-2015-5641
|
- [2015/09/30] Web page was published
- [2015/10/07] References: Content was added
|