Home Packages KEV Critical Insights Jobs Pricing

Loading…

Data from OSV.dev, CISA KEV, and FIRST EPSS.Sync status GitHub

CVE-2015-5640 — baserCMS Access Control Bypass · VulnScope

CVE-2015-5640

baserCMS Access Control Bypass

EPSS 0.44%

Description

baserCMS before 3.0.8 allows remote authenticated users to modify arbitrary user settings via a crafted request.

How to fix CVE-2015-5640

To remediate CVE-2015-5640, upgrade the affected package to a fixed version below.

Packagist/baserproject/basercms—upgrade to 3.0.8 or later

Is CVE-2015-5640 being exploited?

Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 3.0.8

References (5)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2015-5640
PATCHgithub.com/baserproject/basercms
WEBbasercms.net/security/JVN04855224
WEBjvndb.jvn.jp/jvndb/JVNDB-2015-000138
WEBjvn.jp/en/jp/JVN04855224/index.html

Metadata

Published: 5/13/2022
Modified: 12/3/2024

Also known as:

GHSA-v9gf-98vr-mgp2ghsa

Packagist/baserproject/basercms