752 matches found
GHSA-JMQ3-X8Q7-J9QM baserCMS has a cross-site scripting vulnerability in blog posts
baserCMS has a cross-site scripting vulnerability in blog posts. Target: baserCMS 5.2.1 and earlier versions. Vulnerability: Malicious JavaScript may be executed in blog posts. Countermeasures: Update to the latest version of baserCMS. Please refer to the following page to reference for more...
GHSA-8CR7-R8QW-GP3C baserCMS has Mail Form Acceptance Bypass via Public API
Summary: A public mail submission API allows unauthenticated users to submit mail form entries even when the corresponding form is not accepting submissions. This bypasses administrative controls intended to stop form intake and enables spam or abuse via the API. Details: In baserCMS, mail form...
EUVD-2026-17259
baserCMS Update Functionality Vulnerable to OS Command Injection
Summary: The latest version of baserCMS (basercms-5.2.2) contains an OS command injection vulnerability (CWE-78) in its update functionality. Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitrary OS commands on the server with the privileges of the us...
GHSA-M9G7-RGFC-JCM7 baserCMS Update Functionality Vulnerable to OS Command Injection
Summary: The latest version of baserCMS (basercms-5.2.2) contains an OS command injection vulnerability (CWE-78) in its update functionality. Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitrary OS commands on the server with the privileges of the us...
EUVD-2026-17257
baserCMS has an SQL injection vulnerability in its blog post functionality
baserCMS has a SQL injection vulnerability in blog posts. Target: baserCMS 5.2.2 and earlier versions. Vulnerability: Malicious SQL may be executed in blog posts. Countermeasures: Update to the latest version of baserCMS. Please refer to the following page to reference for more information...
GHSA-VH89-RJPH-2G7P baserCMS has an SQL injection vulnerability in its blog post functionality
baserCMS has a SQL injection vulnerability in blog posts. Target: baserCMS 5.2.2 and earlier versions. Vulnerability: Malicious SQL may be executed in blog posts. Countermeasures: Update to the latest version of baserCMS. Please refer to the following page to reference for more information...
EUVD-2026-17255
baserCMS has OS Command Injection Leading to Remote Code Execution (RCE)
Summary: In the core update functionality of baserCMS, some parameters sent from the admin panel are passed to the exec function without proper validation or escaping. This issue allows an authenticated CMS administrator to execute arbitrary OS commands on the server (Remote Code Execution, RCE). Th...
GHSA-QXMC-6F24-G86G baserCMS has OS Command Injection Leading to Remote Code Execution (RCE)
Summary: In the core update functionality of baserCMS, some parameters sent from the admin panel are passed to the exec function without proper validation or escaping. This issue allows an authenticated CMS administrator to execute arbitrary OS commands on the server (Remote Code Execution, RCE). Th...
baserCMS has Unsafe File Upload Leading to Remote Code Execution (RCE)
Details: The application's restore function allows users to upload a .zip file, which is then automatically extracted. A PHP file inside the archive is included using require_once without validating or restricting the filename. An attacker can craft a malicious PHP file within the zip and achieve...
Cross-site Scripting (XSS)
Overview: baserproject/basercms is a Content management system based on CakePHP. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the blog post rendering process. An attacker can execute arbitrary scripts in the context of a user's browser by injecting malicious...
Command Injection
Overview: baserproject/basercms is a Content management system based on CakePHP. Affected versions of this package are vulnerable to Command Injection via the installer process. An attacker can execute arbitrary operating system commands by supplying crafted input during installation. Remediation...
Incorrect Authorization
Overview: baserproject/basercms is a Content management system based on CakePHP. Affected versions of this package are vulnerable to Incorrect Authorization via the mail submission API. An attacker can submit unauthorized mail form entries by sending requests to the public API endpoint, even when...
Arbitrary File Upload
Overview: baserproject/basercms is a Content management system based on CakePHP. Affected versions of this package are vulnerable to Arbitrary File Upload in the restore process. An attacker can execute arbitrary PHP code by uploading a crafted .zip archive containing a malicious PHP file, which i...
Directory Traversal
Overview: baserproject/basercms is a Content management system based on CakePHP. Affected versions of this package are vulnerable to Directory Traversal via the theme file management API when an authenticated administrator supplies crafted input to the path parameter. An attacker can write arbitra...
CVE-2026-30879
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a cross-site scripting vulnerability in blog posts. This issue has been patched in version 5.2.3...
CVE-2026-30880
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has an OS command injection vulnerability in the installer. This issue has been patched in version 5.2.3...
CVE-2026-32734
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has DOM-based cross-site scripting in tag creation. This issue has been patched in version 5.2.3...