baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows an attacker to execute arbitrary PHP code on the server via unspecified vectors.Referenceshttps://basercms.net/security/JVN78151490http://jvn.jp/en/jp/JVN78151490/index.html
