CVE-2025-32957 baserCMS: unsafe File Upload Leading to Remote Code Execution (RCE)
baserCMS is a website development framework. Prior to version 5.2.3, the application's restore function allows users to upload a .zip file, which is then automatically extracted. A PHP file inside the archive is included using requireonce without validating or restricting the filename. An attacke...