fkie_cve-2012-1248
Vulnerability from fkie_nvd
Published
2012-05-15 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
app/config/core.php in baserCMS 1.6.15 and earlier does not properly handle installations in shared-hosting environments, which allows remote attackers to hijack sessions by leveraging administrative access to a different domain.
References
vultures@jpcert.or.jphttp://basercms.net/security/1Vendor Advisory
vultures@jpcert.or.jphttp://jvn.jp/en/jp/JVN53465692/index.htmlThird Party Advisory
vultures@jpcert.or.jphttp://jvndb.jvn.jp/jvndb/JVNDB-2012-000043Third Party Advisory, VDB Entry
vultures@jpcert.or.jphttp://www.securityfocus.com/bid/53543Third Party Advisory, VDB Entry
vultures@jpcert.or.jphttps://exchange.xforce.ibmcloud.com/vulnerabilities/75660Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://basercms.net/security/1Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://jvn.jp/en/jp/JVN53465692/index.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://jvndb.jvn.jp/jvndb/JVNDB-2012-000043Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/53543Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/75660Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
basercms basercms *
basercms basercms 1.5.4
basercms basercms 1.5.5
basercms basercms 1.5.6
basercms basercms 1.5.7
basercms basercms 1.5.8
basercms basercms 1.5.9
basercms basercms 1.6.0
basercms basercms 1.6.1
basercms basercms 1.6.2
basercms basercms 1.6.3
basercms basercms 1.6.4
basercms basercms 1.6.5
basercms basercms 1.6.6
basercms basercms 1.6.7
basercms basercms 1.6.7.1
basercms basercms 1.6.8
basercms basercms 1.6.9
basercms basercms 1.6.9.1
basercms basercms 1.6.10
basercms basercms 1.6.11
basercms basercms 1.6.11.1
basercms basercms 1.6.11.2
basercms basercms 1.6.11.3
basercms basercms 1.6.11.4
basercms basercms 1.6.12
basercms basercms 1.6.13
basercms basercms 1.6.13.1
basercms basercms 1.6.13.6
basercms basercms 1.6.14


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E177355-90F0-4AE1-A974-AE1F1AF59B2F",
              "versionEndIncluding": "1.6.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:basercms:basercms:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "24D12EBB-50CA-4491-98CF-1D78F4DCEBC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:basercms:basercms:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA5D363F-B372-4858-A05D-4DF7128E9B30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:basercms:basercms:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23DD28B-4026-49DA-8ED2-958C2D413743",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:basercms:basercms:1.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "017C1673-F9F3-4F6F-94FE-086726A5DD86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:basercms:basercms:1.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FA3FCED-8667-49E3-BF87-C6C053CE509B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:basercms:basercms:1.5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFE4A6DD-E864-4C93-A378-013E6BCDC2EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:basercms:basercms:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDF547F8-8D6B-451B-9855-5CB54265361B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:basercms:basercms:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "725389EC-421C-49FF-9E1B-983EBD461395",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:basercms:basercms:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "84740A0A-E240-4918-8560-A47B6C763794",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:basercms:basercms:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD1B50C5-2103-48C4-B722-02ECEEF4A57E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:basercms:basercms:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AC3ABEA-A1D5-4CAE-BE39-5B5E13D8D864",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:basercms:basercms:1.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "72258051-C4CB-48A5-ABA6-800B905B262C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:basercms:basercms:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "80B26377-F7DF-49B9-8B9A-A85A9DB7752E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:basercms:basercms:1.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDF17F32-1264-45FD-B75B-936129D47F0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:basercms:basercms:1.6.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D767AF3D-CA44-45CD-96F9-E3F52F685876",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:basercms:basercms:1.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8B0526C-C10F-4500-89E0-CD73D1B5D37E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:basercms:basercms:1.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "850934DF-8CCE-4F37-B68A-1DA78E02729C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:basercms:basercms:1.6.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE109C1E-7BBF-4A74-ADDF-934DD043A021",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:basercms:basercms:1.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3146BD38-B48F-459B-87A1-9766AC0EFD9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:basercms:basercms:1.6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A6F0689-8AB7-4333-8344-36CD3214836F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:basercms:basercms:1.6.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0391BCBC-E09C-44FC-8BE4-F9DEB162EB24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:basercms:basercms:1.6.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DC8C543-8332-43E1-BC0D-5B26DB08DD11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:basercms:basercms:1.6.11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83269CF4-4C66-4BB0-AE16-AE4D19ED6702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:basercms:basercms:1.6.11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DEC8A79-8C9F-4953-8EE2-E9D114C0FB8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:basercms:basercms:1.6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7202398-594A-414A-BAA2-B841236B53E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:basercms:basercms:1.6.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "0178B221-7327-4A11-A4F6-1C3244871D6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:basercms:basercms:1.6.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFEE9E7C-44D3-482E-8115-8C6993155D46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:basercms:basercms:1.6.13.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1F1E9F4-4AD4-465D-A71F-240BB3283425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:basercms:basercms:1.6.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "5063D7EE-942D-4D27-98A3-C6C1226C9AF6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "app/config/core.php in baserCMS 1.6.15 and earlier does not properly handle installations in shared-hosting environments, which allows remote attackers to hijack sessions by leveraging administrative access to a different domain."
    },
    {
      "lang": "es",
      "value": "app/config/core.php in baserCMS v1.6.15 y anteriores no maneja adecuadamente las instalaciones en entornos de alojamiento compartido, lo que permite a atacantes remotos secuestrar sesiones, aprovechando el acceso administrativo a un dominio diferente."
    }
  ],
  "id": "CVE-2012-1248",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-05-15T20:55:02.010",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://basercms.net/security/1"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN53465692/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000043"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/53543"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75660"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://basercms.net/security/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN53465692/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000043"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/53543"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75660"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.