In baserCMS prior to 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote malicious users to execute arbitrary PHP code via the admin/theme_configs/form data[ThemeConfig][logo] parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
basercms basercms |