CVE-2025-32957 in baserproject basercmsinfo

Zusammenfassung (Englisch)

baserCMS is a website development framework. Prior to version 5.2.3, the application's restore function allows users to upload a .zip file, which is then automatically extracted. A PHP file inside the archive is included using require_once without validating or restricting the filename. An attacker can craft a malicious PHP file within the zip and achieve arbitrary code execution when it is included. This issue has been patched in version 5.2.3.

Zuständig

GitHub_M

Reservieren

14.04.2025

Veröffentlichung

31.03.2026

Einträge

VulDB provides additional information and datapoints for this CVE:

ID	Schwachstelle	CWE	Aus	Mas	CVE
354303	baserproject basercms require_once erweiterte Rechte	434	Nicht definiert	Offizieller Fix	CVE-2025-32957

Beschreibung

CPE

CWE

CVSS

Exploits

History

Diff

Verknüpfen

Threat Intelligence

API JSON

API XML

API CSV

◂ ZurückÜbersichtWeiter ▸

Do you know our Splunk app?

Download it now for free!