CVE-2026-30877

EUVD-2026-17259
baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injection vulnerability in the update functionality. Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitrary OS commands on the server with the privileges of the user account running baserCMS. This issue has been patched in version 5.2.3.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.1 CRITICAL
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
Affected Products (NVD)
VendorProductVersion
basercmsbasercms
𝑥
< 5.2.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://basercms.net/security/JVN_20837860
https://github.com/baserproject/basercms/releases/tag/5.2.3
https://github.com/baserproject/basercms/security/advisories/GHSA-m9g7-rgfc-jcm7