CVE-2023-43792 baserCMS is a website development framework vulnerable to Code Injection attacks

CVE-2023-43792 is a code injection vulnerability in the mail form of baserCMS versions 4.6.0 to 4.7.6. This vulnerability allows an attacker to inject arbitrary code into the baserCMS application, which could then be executed by other users of the application.
Updated on
November 6, 2023
Published on
November 6, 2023
Read MINUTES
6
Subscribe to the latest industry news, threats and resources.

Category: Vulnerability Intelligence

Vulnerability Class: Improper Control of Generation of Code ('Code Injection')

CVE ID: CVE-2023-43792

CVSS  Score: 5.3

Product Name: baserCMS

Executive Summary

CVE-2023-43792 is a code injection vulnerability in the mail form of baserCMS versions 4.6.0 to 4.7.6. This vulnerability allows an attacker to inject arbitrary code into the baserCMS application, which could then be executed by other users of the application.

Description:

BaserCMS is a website development framework written in PHP. In versions 4.6.0 to 4.7.6, there is a code injection vulnerability in the mail form of baserCMS. This vulnerability allows an attacker to inject arbitrary code into the baserCMS application, which could then be executed by other users of the application.
To exploit this vulnerability, an attacker would need to submit a malicious email to the baserCMS website. The malicious email would contain a specially crafted payload that would be injected into the baserCMS application. Once the payload is injected, it could be executed by other users of the application, such as when they view the email or visit the website.

Impact:

An attacker who successfully exploits this vulnerability could take control of the baserCMS application. This could allow the attacker to execute arbitrary code, install malware, or steal sensitive data.

Recommended Actions:

The following recommended actions are advised:
* Upgrade to baserCMS version 5.0.5 or later.
* If you cannot upgrade to baserCMS version 5.0.5 or later, you can mitigate this vulnerability by disabling the mail form functionality in baserCMS.

Steps to apply the fix manually 

To apply the fix manually, you will need to edit the `app/Config/bootstrap.php` file. In this file, find the following line:


```php
Configure::write('Mail.enable', true);
```
Change this line to:
```php
Configure::write('Mail.enable', false);
```



This will disable the mail form functionality in baserCMS.

Conclusion:

CVE-2023-43792 is a critical vulnerability in baserCMS that could allow an attacker to take control of the application. It is important to upgrade to baserCMS version 5.0.5 or later as soon as possible to mitigate this vulnerability.

Is POC available?

 At the time of writing this security advisory for CVE-2023-43792, a public proof of concept (POC) has not been released. Security Researchers at Cloudsek are continuously monitoring for any new updates being released on CVE-2023-43792, any further updates will be provided in the same advisory for future references.

 CVE-2023-43792 is a remotely exploitable attack, attackers could take advantage of this and exploit vulnerable targets using shodan and google dorks. Affected users are recommended to take the  recommended actions mentioned in the above security advisory.

References

* [CVE-2023-43792 Detail - NVD](https://nvd.nist.gov/vuln/detail/CVE-2023-43792#:~:text=Description,known%20patched%20versions%20are%20available.)
* [CVE-2023-43792](https://cve.report/CVE-2023-43792)
* [CVE-2023-43792: baserCMS Mail Form code injection - VulDB](https://vuldb.com/?id.243697)
* [CVE-2023-43792 | Vulnerability Database | Debricked](https://debricked.com/vulnerability-database/vulnerability/CVE-2023-43792)

Get Global Threat Intelligence on Real Time

Protect your business from cyber threats with real-time global threat intelligence data.. 30-day free and No Commitment Trial.
Schedule a Demo
Real time Threat Intelligence Data
More information and context about Underground Chatter
On-Demand Research Services
Dashboard mockup
Global Threat Intelligence Feed

Protect and proceed with Actionable Intelligence

The Global Cyber Threat Intelligence Feed is an innovative platform that gathers information from various sources to help businesses and organizations stay ahead of potential cyber-attacks. This feed provides real-time updates on cyber threats, including malware, phishing scams, and other forms of cybercrime.
Trusted by 400+ Top organisations