CVE-2026-30877 | THREATINT

Description

baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injection vulnerability in the update functionality. Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitrary OS commands on the server with the privileges of the user account running baserCMS. This issue has been patched in version 5.2.3.

PUBLISHED Reserved 2026-03-06 | Published 2026-03-31 | Updated 2026-04-02 | Assigner GitHub_M

CRITICAL: 9.1CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

< 5.2.3

affected

References

github.com/...sercms/security/advisories/GHSA-m9g7-rgfc-jcm7

basercms.net/security/JVN_20837860

github.com/baserproject/basercms/releases/tag/5.2.3

cve.org (CVE-2026-30877)

nvd.nist.gov (CVE-2026-30877)

Download JSON