What is CVE-2021-41279?

CVE-2021-41279 is a high-severity vulnerability in Baserproject Basercms, classified under Path Traversal. CVSS score: 7.7/10. Published 2021-11-26.

How severe is CVE-2021-41279?

High severity. CVSS v3 base score is 7.7 out of 10.

Is CVE-2021-41279 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Baserproject Basercms

CVE-2021-41279

BaserCMS is an open source content management system with a focus on Japanese language support. In affected versions users with upload privilege may upload crafted zip files capable of path traversal on the host operating system. This is a…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.004 (63.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.7 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N.

Affected products

Baserproject Basercms — versions < 4.5.3

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

References

github.com/baserproject/basercms/security/advisories/GHSA-4x2f-54wr-4hjg (x_refsource_CONFIRM)
github.com/baserproject/basercms/commit/d8ab0a81a7bce35cc95ff7dff851a7e87a084336 (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-41279?: CVE-2021-41279 is a high-severity vulnerability in Baserproject Basercms, classified under Path Traversal. CVSS score: 7.7/10. Published 2021-11-26.
How severe is CVE-2021-41279?: High severity. CVSS v3 base score is 7.7 out of 10.
Is CVE-2021-41279 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.