CVE-2026-30877

Critical CVSS: 9.1

baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injection vulnerability in the update functionality. Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitrary OS commands on the server with the privileges of the user account running baserCMS. This issue has been patched in version 5.2.3.

Vendor

Basercms

Product

Basercms

CWE

CWE-78

Yayın Tarihi

2026-03-31 01:16:35

Güncelleme

2026-04-01 20:28:43

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-78 Basercms CRITICAL Basercms 2026

Referanslar

https://basercms.net/security/JVN_20837860 https://github.com/baserproject/basercms/releases/tag/5.2.3 https://github.com/baserproject/basercms/security/advisories/GHSA-m9g7-rgfc-jcm7

Benzer Kayıtlar

Medium

CVE-2026-30879

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a cross-site scripting vulnerability i…

Critical

CVE-2026-30880

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has an OS command injection vulnerability…

High

CVE-2026-30940

baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme…

High

CVE-2026-32734

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has DOM-based cross-site scripting in tag…

Critical

CVE-2026-21861

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS contains an OS command injection vulnerabi…

Medium

CVE-2026-27697

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog…