Download
| Alert*
|
CVE-2011-2674
BaserCMS before 1.6.12 does not properly restrict additions to the membership of the operators group, which allows remote authenticated users to gain privileges via unspecified vectors. CVE-2011-2673 Cross-site scripting (XSS) vulnerability in BaserCMS before 1.6.13.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CVE-2012-1248 app/config/core.php in baserCMS 1.6.15 and earlier does not properly handle installations in shared-hosting environments, which allows remote attackers to hijack sessions by leveraging administrative access to a different domain. |
