CVE-2011-2674 — BaserCMS privilege escallation

Description

BaserCMS before 1.6.12 does not properly restrict additions to the membership of the operators group, which allows remote authenticated users to gain privileges via unspecified vectors.

How to fix CVE-2011-2674

To remediate CVE-2011-2674, upgrade the affected package to a fixed version below.

Packagist/baserproject/basercms—upgrade to 1.6.12 or later

Is CVE-2011-2674 being exploited?

Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 1.6.12

References (5)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2011-2674
PATCHgithub.com/baserproject/basercms
WEBbasercms.net/patch/JVN09789751
WEBjvndb.jvn.jp/jvndb/JVNDB-2011-000066
WEBjvn.jp/en/jp/JVN16617002/index.html