CVE-2026-21861

Critical CVSS: 9.1

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS contains an OS command injection vulnerability in the core update functionality. An authenticated administrator can execute arbitrary OS commands on the server due to improper handling of user-controlled input that is directly passed to exec() without sufficient validation or escaping. This issue has been patched in version 5.2.3.

Vendor

Basercms

Product

Basercms

CWE

CWE-78

Yayın Tarihi

2026-03-31 01:16:35

Güncelleme

2026-04-01 20:29:39

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-78 Basercms CRITICAL Basercms 2026

Referanslar

https://basercms.net/security/JVN_20837860 https://github.com/baserproject/basercms/releases/tag/5.2.3 https://github.com/baserproject/basercms/security/advisories/GHSA-qxmc-6f24-g86g https://github.com/baserproject/basercms/security/advisories/GHSA-qxmc-6f24-g86g

Benzer Kayıtlar

Medium

CVE-2026-30879

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a cross-site scripting vulnerability i…

Critical

CVE-2026-30880

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has an OS command injection vulnerability…

High

CVE-2026-30940

baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme…

High

CVE-2026-32734

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has DOM-based cross-site scripting in tag…

Medium

CVE-2026-27697

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog…

Critical

CVE-2026-30877

baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injection vulnerability in t…