baserproject/basercms is vulnerable to OS command injection. The vulnerability exists due to the lack of validation checks in PagesController.php, allowing a remote attacker to inject specially crafted data to the application and execute arbitrary OS commands on the system.