What is CVE-2021-41243?

CVE-2021-41243 is a critical-severity vulnerability in Baserproject Basercms, classified under OS Command Injection. CVSS score: 9.1/10. Published 2021-11-26.

How severe is CVE-2021-41243?

Critical severity. CVSS v3 base score is 9.1 out of 10.

RCE in Baserproject Basercms

CVE-2021-41243

There is a Potential Zip Slip Vulnerability and OS Command Injection Vulnerability on the management system of baserCMS. Users with permissions to upload files may upload crafted zip files which may execute arbitrary commands on the host o…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.028 (86.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L.

Affected products

Baserproject Basercms — versions < 4.5.4

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

github.com/baserproject/basercms/security/advisories/GHSA-7rpc-9m88-cf9w (x_refsource_CONFIRM)
github.com/baserproject/basercms/commit/9088b99c329d1faff3a2f1269f37b9a9d8d5f6ff (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-41243?: CVE-2021-41243 is a critical-severity vulnerability in Baserproject Basercms, classified under OS Command Injection. CVSS score: 9.1/10. Published 2021-11-26.
How severe is CVE-2021-41243?: Critical severity. CVSS v3 base score is 9.1 out of 10.