PT-2026-29149 · Baserproject · Basercms
Published
2026-03-31
·
Updated
2026-03-31
·
CVE-2026-30878
CVSS v3.1
5.3
Medium
| AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
baserCMS is a website development framework. Prior to version 5.2.3, a public mail submission API allows unauthenticated users to submit mail form entries even when the corresponding form is not accepting submissions. This bypasses administrative controls intended to stop form intake and enables spam or abuse via the API. This issue has been patched in version 5.2.3.
Fix
Improper Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Basercms