CVE-2026-30878

Medium CVSS: 5.3

baserCMS is a website development framework. Prior to version 5.2.3, a public mail submission API allows unauthenticated users to submit mail form entries even when the corresponding form is not accepting submissions. This bypasses administrative controls intended to stop form intake and enables spam or abuse via the API. This issue has been patched in version 5.2.3.

Vendor

Basercms

Product

Basercms

CWE

CWE-285

Yayın Tarihi

2026-03-31 01:16:35

Güncelleme

2026-04-01 20:28:15

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-285 Basercms MEDIUM Basercms 2026

Referanslar

https://basercms.net/security/JVN_20837860 https://github.com/baserproject/basercms/releases/tag/5.2.3 https://github.com/baserproject/basercms/security/advisories/GHSA-8cr7-r8qw-gp3c https://github.com/baserproject/basercms/security/advisories/GHSA-8cr7-r8qw-gp3c

Benzer Kayıtlar

Medium

CVE-2026-30879

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a cross-site scripting vulnerability i…

Critical

CVE-2026-30880

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has an OS command injection vulnerability…

High

CVE-2026-30940

baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme…

High

CVE-2026-32734

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has DOM-based cross-site scripting in tag…

Critical

CVE-2026-21861

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS contains an OS command injection vulnerabi…

Medium

CVE-2026-27697

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog…