Vulnerability Description
baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injection vulnerability in the update functionality. Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitrary OS commands on the server with the privileges of the user account running baserCMS. This issue has been patched in version 5.2.3.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Basercms | Basercms | < 5.2.3 |
Related Weaknesses (CWE)
References
- https://basercms.net/security/JVN_20837860Vendor Advisory
- https://github.com/baserproject/basercms/releases/tag/5.2.3Release Notes
- https://github.com/baserproject/basercms/security/advisories/GHSA-m9g7-rgfc-jcm7Vendor Advisory
FAQ
What is CVE-2026-30877?
CVE-2026-30877 is a vulnerability with a CVSS score of 9.1 (CRITICAL). baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injection vulnerability in the update functionality. Due to this issue, an authenticated user with administr...
How severe is CVE-2026-30877?
CVE-2026-30877 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2026-30877?
Check the references section above for vendor advisories and patch information. Affected products include: Basercms Basercms.