
752 matches found

ATTACKERKB
added 2026/03/31 12:43 a.m. | 2 views

CVE-2026-21861

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS contains an OS command injection vulnerability in the core update functionality. An authenticated administrator can execute arbitrary OS commands on the server due to improper handling of user-controlled input that is...

9.1 CVSS | 6.1 AI score | 0.02282 EPSS
Exploits 1 | References 4 | Affected Software 1

Cvelist
added 2026/03/31 12:43 a.m. | 21 views

CVE-2026-21861 baserCMS: OS Command Injection Leading to Remote Code Execution (RCE)

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS contains an OS command injection vulnerability in the core update functionality. An authenticated administrator can execute arbitrary OS commands on the server due to improper handling of user-controlled input that is...

9.1 CVSS | 0.02282 EPSS
Exploits 1 | References 3

OSV
added 2026/03/31 12:43 a.m. | 3 views

CVE-2026-21861 baserCMS: OS Command Injection Leading to Remote Code Execution (RCE)

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS contains an OS command injection vulnerability in the core update functionality. An authenticated administrator can execute arbitrary OS commands on the server due to improper handling of user-controlled input that is...

9.1 CVSS | 6.1 AI score | 0.02282 EPSS
Exploits 1 | References 5

Vulnrichment
added 2026/03/31 12:43 a.m. | 2 views

CVE-2025-32957 baserCMS: unsafe File Upload Leading to Remote Code Execution (RCE)

baserCMS is a website development framework. Prior to version 5.2.3, the application's restore function allows users to upload a .zip file, which is then automatically extracted. A PHP file inside the archive is included using require_once without validating or restricting the filename. An attacke...

8.7 CVSS | 6.3 AI score | 0.00577 EPSS
Exploits 1 | References 3

CVE
added 2026/03/31 12:43 a.m. | 8 views

CVE-2025-32957

baserCMS prior to version 5.2.3 is vulnerable in its restore function, which accepts a ZIP upload and auto-extracts it. A PHP file inside the archive is then included via require_once without validating or restricting the filename, enabling arbitrary code execution if a malicious PHP file is craf...

8.7 CVSS | 6.3 AI score | 0.00577 EPSS
Exploits 1 | References 3 | Affected Software 1

Cvelist
added 2026/03/31 12:43 a.m. | 19 views

CVE-2025-32957 baserCMS: unsafe File Upload Leading to Remote Code Execution (RCE)

baserCMS is a website development framework. Prior to version 5.2.3, the application's restore function allows users to upload a .zip file, which is then automatically extracted. A PHP file inside the archive is included using require_once without validating or restricting the filename. An attacke...

8.7 CVSS | 0.00577 EPSS
Exploits 1 | References 3

OSV
added 2026/03/31 12:43 a.m. | 5 views

CVE-2025-32957 baserCMS: unsafe File Upload Leading to Remote Code Execution (RCE)

baserCMS is a website development framework. Prior to version 5.2.3, the application's restore function allows users to upload a .zip file, which is then automatically extracted. A PHP file inside the archive is included using require_once without validating or restricting the filename. An attacke...

8.7 CVSS | 6.4 AI score | 0.00577 EPSS
Exploits 1 | References 5

Positive Technologies
added 2026/03/31 12:0 a.m. | 3 views

PT-2026-29150

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a cross-site scripting vulnerability in blog posts. This issue has been patched in version 5.2.3...

6.9 CVSS | 5.7 AI score | 0.00233 EPSS
Exploits 0 | References 4

Positive Technologies
added 2026/03/31 12:0 a.m. | 1 view

PT-2026-29151

Name of the Vulnerable Software and Affected Versions: baserCMS versions prior to 5.2.3. Description: baserCMS is a website development framework. Before version 5.2.3, it contains an operating system command injection issue within the installer. This allows attackers to potentially execute arbitrar...

9.8 CVSS | 7.2 AI score | 0.02059 EPSS
Exploits 0 | References 10

CNNVD
added 2026/03/31 12:0 a.m. | 10 views

baserCMS Cross-Site Scripting Vulnerability

BaserCMS is a corporate-level content management system (CMS) developed by the BaserCMS team. Versions of BaserCMS prior to 5.2.3 had a cross-site scripting vulnerability, which originated from DOM-based cross-site scripting during tag creation...

7.1 CVSS | 7.1 AI score | 0.00258 EPSS
Exploits 0 | References 3

Positive Technologies
added 2026/03/31 12:0 a.m. | 4 views

PT-2026-29149

baserCMS is a website development framework. Prior to version 5.2.3, a public mail submission API allows unauthenticated users to submit mail form entries even when the corresponding form is not accepting submissions. This bypasses administrative controls intended to stop form intake and enables...

5.3 CVSS | 5.8 AI score | 0.00382 EPSS
Exploits 1 | References 4

Positive Technologies
added 2026/03/31 12:0 a.m. | 3 views

PT-2026-29148

Name of the Vulnerable Software and Affected Versions: baserCMS versions prior to 5.2.3. Description: baserCMS is a website development framework. A security issue exists in the update functionality that allows an authenticated user with administrator privileges to execute arbitrary OS commands on t...

9.1 CVSS | 6.1 AI score | 0.01516 EPSS
Exploits 0 | References 14

CNNVD
added 2026/03/31 12:0 a.m. | 6 views

baserCMS Security Vulnerability

BaserCMS is a corporate-level content management system (CMS) developed by the baserCMS team. Versions of BaserCMS prior to 5.2.3 contained security vulnerabilities. These vulnerabilities stemmed from defects in the public email submission API, which could allow for bypassing management controls an...

5.3 CVSS | 5.8 AI score | 0.00382 EPSS
Exploits 1 | References 3

CNNVD
added 2026/03/31 12:0 a.m. | 6 views

baserCMS OS Command Injection Vulnerability

BaserCMS is a corporate-level content management system (CMS) developed by the BaserCMS team. Versions of BaserCMS prior to 5.2.3 had a vulnerability related to operating system command injection. This vulnerability stemmed from features that allowed for OS command injections, potentially enabling...

9.1 CVSS | 6 AI score | 0.01516 EPSS
Exploits 0 | References 3

Positive Technologies
added 2026/03/31 12:0 a.m. | 3 views

PT-2026-29147

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog posts. This issue has been patched in version 5.2.3...

6.9 CVSS | 5.8 AI score | 0.00412 EPSS
Exploits 0 | References 4

Positive Technologies
added 2026/03/31 12:0 a.m. | 3 views

PT-2026-29152

baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API /baser/api/admin/bc-theme-file/theme files/add.json that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path...

7.2 CVSS | 6.5 AI score | 0.01049 EPSS
Exploits 1 | References 4

CNNVD
added 2026/03/31 12:0 a.m. | 5 views

baserCMS Cross-Site Scripting Vulnerability

BaserCMS is a corporate-level content management system (CMS) developed by the baserCMS team. Versions of baserCMS prior to 5.2.3 had a cross-site scripting vulnerability; this vulnerability originated from a blog article-related feature module and made it susceptible to cross-site scripting attack...

6.9 CVSS | 7.1 AI score | 0.00233 EPSS
Exploits 0 | References 3

Japan Vulnerability Notes
added 2026/03/27 9:0 a.m. | 11 views

Multiple vulnerabilities in baserCMS

Overview: baserCMS provided by baserCMS User Community contains multiple vulnerabilities listed below. Cross-site scripting (CWE-79) - CVE-2026-30879; OS command injection (CWE-78) - CVE-2026-30880; SQL injection (CWE-89) - CVE-2026-27697; Cross-site scripting (CWE-79) - CVE-2026-32734. CVE-2026-30879 Gai...

9.8 CVSS | 6 AI score | 0.02059 EPSS
Exploits 0 | References 10

RedhatCVE
added 2026/01/09 10:51 a.m. | 2 views

CVE-2022-42486

Stored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script...

4.8 CVSS | 5.9 AI score | 0.00586 EPSS
Exploits 0 | References 1

RedhatCVE
added 2026/01/09 9:30 a.m. | 10 views

CVE-2023-43649

baserCMS is a website development framework. Prior to version 4.8.0, there is a cross-site request forgery vulnerability in the content preview feature of baserCMS. Version 4.8.0 contains a patch for this issue...

9.8 CVSS | 6.5 AI score | 0.00347 EPSS
Exploits 0 | References 1