Basic Analysis and Security Engine (BASE) is prone to multiple input- validation vulnerabilities because it fails to adequately sanitize user- supplied input. These vulnerabilities include an SQL-injection issue, a cross-site scripting issue, and a local file-include issue. Exploiting these issues can allow an attacker to steal cookie-based authentication credentials, view and execute local files within the context of the webserver, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible. These issues affect versions prior to BASE 1.4.4.
Updates are available. Please see the references for details.
CVE CVE-2009-4590, CVE-2009-4591, CVE-2009-4592, CVE-2009-4837, CVE-2009-4838, CVE-2009-4839
CVSS Base Score: 7.5