752 matches found
CVE-2026-30878
baserCMS is a website development framework. Prior to version 5.2.3, a public mail submission API allows unauthenticated users to submit mail form entries even when the corresponding form is not accepting submissions. This bypasses administrative controls intended to stop form intake and enables...
CVE-2026-30878
CVE-2026-30878 affects baserCMS. Before 5.2.3, the public mail submission API allowed unauthenticated users to submit mail form entries even when the form was not accepting submissions, bypassing administrative controls and enabling spam via the API. This issue is patched in version 5.2.3 . The C...
CVE-2026-30878 baserCMS: Mail Form Acceptance Bypass via Public API
baserCMS is a website development framework. Prior to version 5.2.3, a public mail submission API allows unauthenticated users to submit mail form entries even when the corresponding form is not accepting submissions. This bypasses administrative controls intended to stop form intake and enables...
CVE-2026-30878 baserCMS: Mail Form Acceptance Bypass via Public API
baserCMS is a website development framework. Prior to version 5.2.3, a public mail submission API allows unauthenticated users to submit mail form entries even when the corresponding form is not accepting submissions. This bypasses administrative controls intended to stop form intake and enables...
CVE-2026-30877
baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injection vulnerability in the update functionality. Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitrary OS commands on the server with the privileges o...
CVE-2026-30877
baserCMS (website development framework) has an OS command injection in the update functionality prior to v5.2.3. An authenticated administrator can run arbitrary OS commands on the server with the baserCMS process user privileges. The issue is fixed in version 5.2.3 per CVE-2026-30877 (NVD and C...
CVE-2026-30877 baserCMS: OS Command Injection in the baserCMS Update Functionality
baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injection vulnerability in the update functionality. Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitrary OS commands on the server with the privileges o...
CVE-2026-30877 baserCMS: OS Command Injection in the baserCMS Update Functionality
baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injection vulnerability in the update functionality. Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitrary OS commands on the server with the privileges o...
CVE-2026-30877 baserCMS: OS Command Injection in the baserCMS Update Functionality
baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injection vulnerability in the update functionality. Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitrary OS commands on the server with the privileges o...
CVE-2026-30880
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has an OS command injection vulnerability in the installer. This issue has been patched in version 5.2.3...
CVE-2026-30880 baserCMS: OS command injection vulnerability in installer
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has an OS command injection vulnerability in the installer. This issue has been patched in version 5.2.3...
CVE-2026-30880
The CVE-2026-30880 issue affects baserCMS prior to version 5.2.3, where an OS command injection vulnerability exists in the installer. The root cause is an inadequate input validation/command execution handling during installation, allowing an attacker who places baserCMS on a server (not yet ins...
CVE-2026-30880 baserCMS: OS command injection vulnerability in installer
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has an OS command injection vulnerability in the installer. This issue has been patched in version 5.2.3...
CVE-2026-30880 baserCMS: OS command injection vulnerability in installer
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has an OS command injection vulnerability in the installer. This issue has been patched in version 5.2.3...
CVE-2026-27697
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog posts. This issue has been patched in version 5.2.3...
CVE-2026-27697 baserCMS: SQL injection vulnerability in blog post
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog posts. This issue has been patched in version 5.2.3...
CVE-2026-27697 baserCMS: SQL injection vulnerability in blog post
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog posts. This issue has been patched in version 5.2.3...
CVE-2026-27697 baserCMS: SQL injection vulnerability in blog post
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog posts. This issue has been patched in version 5.2.3...
CVE-2026-21861 baserCMS: OS Command Injection Leading to Remote Code Execution (RCE)
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS contains an OS command injection vulnerability in the core update functionality. An authenticated administrator can execute arbitrary OS commands on the server due to improper handling of user-controlled input that is...
CVE-2026-21861
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS contains an OS command injection vulnerability in the core update functionality. An authenticated administrator can execute arbitrary OS commands on the server due to improper handling of user-controlled input that is...