CVE-2015-5640
medium
CVSS v3
—
CVSS v2
6.5
VIR risk
6.5
Description
baserCMS Access Control Bypass
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: vultures@jpcert.or.jp — http://jvndb.jvn.jp/jvndb/JVNDB-2015-000138
Vendor advisory: vultures@jpcert.or.jp — http://jvn.jp/en/jp/JVN04855224/index.html
Vendor advisory: vultures@jpcert.or.jp — http://basercms.net/security/JVN04855224
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Packagist | baserproject/basercms | <3.0.8 | 3.0.8 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| basercms | basercms | {"endIncluding":"3.0.7"} | |
References
CWEs
CWE-264
Verify integrity in audit chain (admin only). AS-IS.