CVE-2026-30877

high

Description

baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injection vulnerability in the update functionality. Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitrary OS commands on the server with the privileges of the user account running baserCMS. This issue has been patched in version 5.2.3.

References

https://github.com/baserproject/basercms/security/advisories/GHSA-m9g7-rgfc-jcm7

https://github.com/baserproject/basercms/releases/tag/5.2.3

https://basercms.net/security/JVN_20837860

Details

Source: Mitre, NVD

Published: 2026-03-31

Updated: 2026-04-01

Risk Information

CVSS v2

Base Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:M/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.2

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00174