CVE-2011-2674: BaserCMS privilege escallation

May 13, 2022 (updated January 15, 2024)

BaserCMS before 1.6.12 does not properly restrict additions to the membership of the operators group, which allows remote authenticated users to gain privileges via unspecified vectors.

References

basercms.net/patch/JVN09789751
jvn.jp/en/jp/JVN16617002/index.html
jvndb.jvn.jp/jvndb/JVNDB-2011-000066
github.com/advisories/GHSA-6wr6-54mw-mvhr
nvd.nist.gov/vuln/detail/CVE-2011-2674

Code Behaviors & Features

Detect and mitigate CVE-2011-2674 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →