CVE-2026-30877

CVSS v3.1

9.1

Critical

AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injection vulnerability in the update functionality. Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitrary OS commands on the server with the privileges of the user account running baserCMS. This issue has been patched in version 5.2.3.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2026-30877

Affected Products

Basercms

CVE-2026-30877

Weakness Enumeration

Related Identifiers

Affected Products

References · 4