CVE-2026-30940

High CVSS: 7.2

baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API (/baser/api/admin/bc-theme-file/theme_files/add.json) that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path parameter to create a PHP file in an arbitrary directory outside the theme directory, which may result in remote code execution (RCE). This issue has been patched in version 5.2.3.

Vendor

Basercms

Product

Basercms

CWE

CWE-22

Yayın Tarihi

2026-03-31 01:16:36

Güncelleme

2026-04-01 20:26:17

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-22 Basercms HIGH Basercms 2026

Referanslar

https://basercms.net/security/JVN_20837860 https://github.com/baserproject/basercms/releases/tag/5.2.3 https://github.com/baserproject/basercms/security/advisories/GHSA-c5c6-37vq-pjcq

Benzer Kayıtlar

Medium

CVE-2026-30879

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a cross-site scripting vulnerability i…

Critical

CVE-2026-30880

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has an OS command injection vulnerability…

High

CVE-2026-32734

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has DOM-based cross-site scripting in tag…

Critical

CVE-2026-21861

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS contains an OS command injection vulnerabi…

Medium

CVE-2026-27697

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog…

Critical

CVE-2026-30877

baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injection vulnerability in t…