Lucene search
K

5 matches found

OSV
OSV
added 2026/03/31 12:45 a.m.3 views

CVE-2026-30940 baserCMS: Path Traversal in Theme File API Leads to Arbitrary File Write and RCE

baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API /baser/api/admin/bc-theme-file/themefiles/add.json that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path...

7.2CVSS6.4AI score0.01049EPSS
Exploits1References5
CVE
CVE
added 2026/03/31 12:45 a.m.10 views

CVE-2026-30877

baserCMS (website development framework) has an OS command injection in the update functionality prior to v5.2.3. An authenticated administrator can run arbitrary OS commands on the server with the baserCMS process user privileges. The issue is fixed in version 5.2.3 per CVE-2026-30877 (NVD and C...

9.1CVSS6AI score0.01516EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/31 12:44 a.m.3 views

CVE-2026-30880 baserCMS: OS command injection vulnerability in installer

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has an OS command injection vulnerability in the installer. This issue has been patched in version 5.2.3...

9.2CVSS7.1AI score0.02059EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/31 12:44 a.m.27 views

CVE-2026-27697 baserCMS: SQL injection vulnerability in blog post

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog posts. This issue has been patched in version 5.2.3...

6.9CVSS0.00412EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/31 12:43 a.m.5 views

CVE-2025-32957

baserCMS is a website development framework. Prior to version 5.2.3, the application's restore function allows users to upload a .zip file, which is then automatically extracted. A PHP file inside the archive is included using requireonce without validating or restricting the filename. An attacke...

8.7CVSS6.3AI score0.00577EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder