752 matches found

OSV
added 2026/03/31 10:43 p.m., 2 views

GHSA-JMQ3-X8Q7-J9QM baserCMS has a cross-site scripting vulnerability in blog posts

baserCMS has a cross-site scripting vulnerability in blog posts. Target: baserCMS 5.2.1 and earlier versions. Vulnerability: malicious JavaScript may be executed in blog posts. Countermeasures: update to the latest version of baserCMS. Please refer to the following page for more...

CVSS 6.9 | AI score 7 | EPSS 0.00233
Exploits 0 | References 5
OSV
added 2026/03/31 10:36 p.m., 5 views

GHSA-8CR7-R8QW-GP3C baserCMS has Mail Form Acceptance Bypass via Public API

Summary: A public mail submission API allows unauthenticated users to submit mail form entries even when the corresponding form is not accepting submissions. This bypasses administrative controls intended to stop form intake and enables spam or abuse via the API. Details: In baserCMS, mail form...

CVSS 5.3 | AI score 5.8 | EPSS 0.00382
Exploits 1 | References 5
EUVD
added 2026/03/31 10:35 p.m., 7 views

EUVD-2026-17259

baserCMS Update Functionality Vulnerable to OS Command Injection...

CVSS 9.1 | AI score 5.9 | EPSS 0.01516
Exploits 0 | References 4
Github Security Blog
added 2026/03/31 10:35 p.m., 3 views

baserCMS Update Functionality Vulnerable to OS Command Injection

Summary: The latest version of baserCMS (basercms-5.2.2) contains an OS command injection vulnerability (CWE-78) in its update functionality. Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitrary OS commands on the server with the privileges of the us...

CVSS 9.1 | AI score 6.1 | EPSS 0.01516
Exploits 0 | References 5 | Affected Software 1
OSV
added 2026/03/31 10:35 p.m., 3 views

GHSA-M9G7-RGFC-JCM7 baserCMS Update Functionality Vulnerable to OS Command Injection

Summary: The latest version of baserCMS (basercms-5.2.2) contains an OS command injection vulnerability (CWE-78) in its update functionality. Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitrary OS commands on the server with the privileges of the us...

CVSS 9.1 | AI score 6.1 | EPSS 0.01516
Exploits 0 | References 5
EUVD
added 2026/03/31 10:35 p.m., 6 views

EUVD-2026-17257

baserCMS has an SQL injection vulnerability in its blog post functionality...

CVSS 6.9 | AI score 7.2 | EPSS 0.00412
Exploits 0 | References 4
Github Security Blog
added 2026/03/31 10:35 p.m., 3 views

baserCMS has an SQL injection vulnerability in its blog post functionality

baserCMS has an SQL injection vulnerability in blog posts. Target: baserCMS 5.2.2 and earlier versions. Vulnerability: malicious SQL may be executed in blog posts. Countermeasures: update to the latest version of baserCMS. Please refer to the following page for more information...

CVSS 9.8 | AI score 7.1 | EPSS 0.00412
Exploits 0 | References 5 | Affected Software 1
OSV
added 2026/03/31 10:35 p.m., 3 views

GHSA-VH89-RJPH-2G7P baserCMS has an SQL injection vulnerability in its blog post functionality

baserCMS has an SQL injection vulnerability in blog posts. Target: baserCMS 5.2.2 and earlier versions. Vulnerability: malicious SQL may be executed in blog posts. Countermeasures: update to the latest version of baserCMS. Please refer to the following page for more information...

CVSS 6.9 | AI score 5.9 | EPSS 0.00412
Exploits 0 | References 5
EUVD
added 2026/03/31 10:27 p.m., 4 views

EUVD-2026-17255

baserCMS has OS Command Injection Leading to Remote Code Execution (RCE)...

CVSS 9.1 | AI score 6 | EPSS 0.02282
Exploits 1 | References 4
Github Security Blog
added 2026/03/31 10:27 p.m., 5 views

baserCMS has OS Command Injection Leading to Remote Code Execution (RCE)

Summary: In the core update functionality of baserCMS, some parameters sent from the admin panel are passed to the exec function without proper validation or escaping. This issue allows an authenticated CMS administrator to execute arbitrary OS commands on the server (Remote Code Execution, RCE). Th...

CVSS 9.1 | AI score 6.5 | EPSS 0.02282
Exploits 1 | References 5 | Affected Software 1
OSV
added 2026/03/31 10:27 p.m., 1 view

GHSA-QXMC-6F24-G86G baserCMS has OS Command Injection Leading to Remote Code Execution (RCE)

Summary: In the core update functionality of baserCMS, some parameters sent from the admin panel are passed to the exec function without proper validation or escaping. This issue allows an authenticated CMS administrator to execute arbitrary OS commands on the server (Remote Code Execution, RCE). Th...

CVSS 9.1 | AI score 6.5 | EPSS 0.02282
Exploits 1 | References 5
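The two "OS Command Injection Leading to Remote Code Execution" entries above describe the bug class without showing code. The following PHP is an added illustration, not baserCMS code: an admin-controlled parameter concatenated into an exec() command line, then three progressively stronger fixes (allowlist validation, escapeshellarg(), and running the program without a shell at all). The parameter name $version and the harmless echo command are assumptions; only the failure mode comes from the advisory.

```php
<?php
declare(strict_types=1);

// Added illustration (not baserCMS code). $version stands in for whatever
// update parameter reaches exec(); the command itself is a harmless echo.

// Vulnerable: $version is interpolated into a line that /bin/sh parses, so
// shell metacharacters in it are honoured. "5.2.2; echo INJECTED" runs a
// second command with the web server's privileges.
function runUpdateVulnerable(string $version): array
{
    exec('echo updating to ' . $version, $output);
    return $output;
}

// Fix 1: allowlist the value before it gets anywhere near a shell. An
// allowlist of what a version looks like beats blacklisting metacharacters.
function assertVersion(string $version): void
{
    if (!preg_match('/\A\d+\.\d+\.\d+(?:-[A-Za-z0-9.]+)?\z/', $version)) {
        throw new InvalidArgumentException('invalid version string: ' . $version);
    }
}

// Fix 2: even a validated value is wrapped in escapeshellarg() so the shell
// receives it as exactly one argument.
function runUpdateEscaped(string $version): array
{
    assertVersion($version);
    exec('echo updating to ' . escapeshellarg($version), $output);
    return $output;
}

// Fix 3 (preferred, PHP >= 7.4): no shell at all. proc_open() with an array
// command executes the program directly with an argv, so there is nothing
// for "; echo INJECTED" to be injected into.
function runUpdateWithoutShell(string $version): string
{
    assertVersion($version);
    $descriptors = [1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    $proc = proc_open(['echo', 'updating to', $version], $descriptors, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('failed to start process');
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    proc_close($proc);
    return $out;
}

$payload = '5.2.2; echo INJECTED';

// Vulnerable path: two lines of output, the second one attacker-chosen.
print_r(runUpdateVulnerable($payload));

// Escaped form of the same payload: a single quoted argument.
echo escapeshellarg($payload), "\n";

// Validated paths: the payload is rejected before any command is built.
foreach (['runUpdateEscaped', 'runUpdateWithoutShell'] as $fn) {
    try {
        $fn($payload);
    } catch (InvalidArgumentException $e) {
        echo $fn, ': rejected (', $e->getMessage(), ")\n";
    }
}

// A well-formed version passes and is handled as one argument.
print_r(runUpdateEscaped('5.2.2'));
echo runUpdateWithoutShell('5.2.2');
```

The ordering matters in practice: validation alone is brittle if a later change widens the allowed pattern, and quoting alone still hands the string to a shell. Avoiding the shell removes the injection surface; the allowlist then protects the invoked program from argument-level abuse.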
Github Security Blog
added 2026/03/31 10:22 p.m., 4 views

baserCMS has Unsafe File Upload Leading to Remote Code Execution (RCE)

Details: The application's restore function allows users to upload a .zip file, which is then automatically extracted. A PHP file inside the archive is included using require_once without validating or restricting the filename. An attacker can craft a malicious PHP file within the zip and achieve...

CVSS 8.7 | AI score 6.5 | EPSS 0.00577
Exploits 1 | References 5 | Affected Software 1
Snyk
added 2026/03/31 2:30 a.m., 3 views

Cross-site Scripting (XSS)

Overview: baserproject/basercms is a content management system based on CakePHP. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the blog post rendering process. An attacker can execute arbitrary scripts in the context of a user's browser by injecting malicious...

CVSS 7.3 | AI score 7.3 | EPSS 0.00233
Exploits 0 | References 2
Snyk
added 2026/03/31 2:30 a.m., 4 views

Command Injection

Overview: baserproject/basercms is a content management system based on CakePHP. Affected versions of this package are vulnerable to Command Injection via the installer process. An attacker can execute arbitrary operating system commands by supplying crafted input during installation. Remediation...

CVSS 9.8 | AI score 7.4 | EPSS 0.02059
Exploits 0 | References 2
Snyk
added 2026/03/31 2:30 a.m., 4 views

Incorrect Authorization

Overview: baserproject/basercms is a content management system based on CakePHP. Affected versions of this package are vulnerable to Incorrect Authorization via the mail submission API. An attacker can submit unauthorized mail form entries by sending requests to the public API endpoint, even when...

CVSS 6.9 | AI score 5.8 | EPSS 0.00382
Exploits 1 | References 2
Snyk
added 2026/03/31 2:30 a.m., 4 views

Arbitrary File Upload

Overview: baserproject/basercms is a content management system based on CakePHP. Affected versions of this package are vulnerable to Arbitrary File Upload in the restore process. An attacker can execute arbitrary PHP code by uploading a crafted .zip archive containing a malicious PHP file, which i...

CVSS 8.7 | AI score 6.2 | EPSS 0.00577
Exploits 1 | References 2
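Both the "Unsafe File Upload Leading to Remote Code Execution" entry and the Snyk "Arbitrary File Upload" entry above describe the same shape: an uploaded .zip is extracted and a PHP file from it is included. The following PHP is an added illustration, not baserCMS code. It shows that pattern next to a hardened restore that treats the archive as data: entry names are allowlisted (no nested paths, no executable extensions), only vetted entries are extracted, and the payload is parsed rather than included. The file names (schema.php, schema.json, backdoor.php) and the use of JSON as the backup format are assumptions.

```php
<?php
declare(strict_types=1);

// Added illustration (not baserCMS code). Archive contents are constructed
// below so the script runs offline.

// Vulnerable: extract everything, then include a PHP file that came from the
// upload. Whoever controls the zip controls the code that runs.
function restoreVulnerable(string $zipPath, string $workDir): void
{
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) {
        throw new RuntimeException('cannot open archive');
    }
    $zip->extractTo($workDir);
    $zip->close();
    require_once $workDir . '/schema.php';   // attacker-supplied code executes here
}

// Hardened step 1: vet every entry name before extracting anything.
// The regex admits only a flat "name.ext", which rules out "../", nested
// directories and directory entries; the extension allowlist rules out
// anything PHP (or the web server) could execute.
function inspectArchive(string $zipPath): array
{
    $allowedExt = ['json', 'sql', 'csv'];
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) {
        throw new RuntimeException('cannot open archive');
    }
    $ok = [];
    $problems = [];
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $name = $zip->getNameIndex($i);
        $ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));
        if (!preg_match('/\A[A-Za-z0-9_-]+\.[A-Za-z0-9]+\z/', $name)) {
            $problems[] = "$name: nested path or unsafe characters";
        } elseif (!in_array($ext, $allowedExt, true)) {
            $problems[] = "$name: extension .$ext not allowed";
        } else {
            $ok[] = $name;
        }
    }
    $zip->close();
    return ['ok' => $ok, 'problems' => $problems];
}

// Hardened step 2: refuse the whole archive if any entry fails, extract only
// the vetted names, and read the backup as data instead of including it.
function restoreSafe(string $zipPath, string $workDir): array
{
    $report = inspectArchive($zipPath);
    if ($report['problems'] !== []) {
        throw new RuntimeException('refusing archive: ' . implode('; ', $report['problems']));
    }
    $zip = new ZipArchive();
    $zip->open($zipPath);
    $zip->extractTo($workDir, $report['ok']);
    $zip->close();
    return json_decode(file_get_contents($workDir . '/schema.json'), true, 512, JSON_THROW_ON_ERROR);
}

// Constructed demo archives in a scratch directory.
$tmp = sys_get_temp_dir() . '/restore_demo_' . bin2hex(random_bytes(4));
mkdir($tmp);

// Malicious upload: a valid data file plus two PHP payloads, one of them
// using a traversal name.
$bad = "$tmp/bad.zip";
$zip = new ZipArchive();
$zip->open($bad, ZipArchive::CREATE);
$zip->addFromString('schema.json', '{"tables":["posts"]}');
$zip->addFromString('backdoor.php', '<?php system($_GET["c"]);');
$zip->addFromString('../evil.php', '<?php phpinfo();');
$zip->close();

print_r(inspectArchive($bad));
try {
    restoreSafe($bad, $tmp);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}

// Clean upload: restores normally.
$good = "$tmp/good.zip";
$zip = new ZipArchive();
$zip->open($good, ZipArchive::CREATE);
$zip->addFromString('schema.json', '{"tables":["posts","comments"]}');
$zip->close();
print_r(restoreSafe($good, $tmp));
```

Rejecting the whole archive on the first bad entry, rather than skipping offending files, keeps the behaviour predictable and makes the failure visible in logs. If a restore format genuinely needs executable migrations, they should ship with the application, not inside user uploads.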
Snyk
added 2026/03/31 2:30 a.m., 0 views

Directory Traversal

Overview: baserproject/basercms is a content management system based on CakePHP. Affected versions of this package are vulnerable to Directory Traversal via the theme file management API when an authenticated administrator supplies crafted input to the path parameter. An attacker can write arbitra...

CVSS 8.6 | AI score 6.7 | EPSS 0.01049
Exploits 1 | References 2
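The Directory Traversal entry above says an administrator-supplied path parameter lets files be written outside the theme directory. The following PHP is an added illustration, not baserCMS code: a naive path join beside a containment check that canonicalises the parent directory with realpath() and requires it to sit under the theme root. The function names, the theme root layout and the sample paths are assumptions; the bug class (CWE-22 through a path parameter) is the advisory's.

```php
<?php
declare(strict_types=1);

// Added illustration (not baserCMS code).

// Vulnerable: string concatenation. "../../config/app_local.php" resolves
// outside $themeRoot and gets written there.
function themeFilePathVulnerable(string $themeRoot, string $path): string
{
    return rtrim($themeRoot, '/') . '/' . $path;
}

// Hardened: the target file may not exist yet (it is about to be written), so
// canonicalise its parent directory and check the final component on its own.
// realpath() also resolves symlinks, so a link inside the theme pointing
// outside it is caught as well. A parent that does not exist is refused rather
// than created.
function themeFilePathSafe(string $themeRoot, string $path): string
{
    $root = realpath($themeRoot);
    if ($root === false) {
        throw new RuntimeException('theme root missing');
    }
    if ($path === '' || strpos($path, "\0") !== false) {
        throw new InvalidArgumentException('empty path or NUL byte');
    }
    $base = basename($path);
    if ($base === '' || $base === '.' || $base === '..') {
        throw new InvalidArgumentException('invalid file name');
    }
    $parent = realpath($root . '/' . dirname($path));
    if ($parent === false
        || ($parent !== $root && strpos($parent, $root . DIRECTORY_SEPARATOR) !== 0)) {
        throw new InvalidArgumentException('path escapes theme root');
    }
    return $parent . DIRECTORY_SEPARATOR . $base;
}

// Constructed demo: a scratch theme root with one subdirectory.
$root = sys_get_temp_dir() . '/theme_demo_' . bin2hex(random_bytes(4));
mkdir("$root/layout", 0777, true);

$samples = [
    'layout/default.php',        // legitimate
    '../../etc/passwd',          // classic traversal
    'layout/../../x.php',        // traversal hidden behind a valid prefix
    "layout/a\0.php",            // NUL byte
];

foreach ($samples as $p) {
    echo "path:       ", str_replace("\0", '\0', $p), "\n";
    echo "vulnerable: ", str_replace("\0", '\0', themeFilePathVulnerable($root, $p)), "\n";
    try {
        echo "safe:       ", themeFilePathSafe($root, $p), "\n";
    } catch (InvalidArgumentException $e) {
        echo "safe:       REJECTED (", $e->getMessage(), ")\n";
    }
    echo "\n";
}
```

Comparing against `$root . DIRECTORY_SEPARATOR` rather than a bare `$root` prefix matters: without the separator, a sibling directory such as `theme_demo_xyz2` would pass the prefix test.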
NVD
added 2026/03/31 1:16 a.m., 7 views

CVE-2026-30879

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a cross-site scripting vulnerability in blog posts. This issue has been patched in version 5.2.3...

CVSS 6.9 | EPSS 0.00233
Exploits 0 | References 3
NVD
added 2026/03/31 1:16 a.m., 6 views

CVE-2026-30880

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has an OS command injection vulnerability in the installer. This issue has been patched in version 5.2.3...

CVSS 9.8 | EPSS 0.02059
Exploits 0 | References 3
NVD
added 2026/03/31 1:16 a.m., 4 views

CVE-2026-32734

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has DOM-based cross-site scripting in tag creation. This issue has been patched in version 5.2.3...

CVSS 7.1 | EPSS 0.00258
Exploits 0 | References 3