CRITICALCVE-2026-30880Published 2026-03-31Modified 2026-03-31CNA GitHub_M

CVE-2026-30880: baserCMS: OS command injection vulnerability in installer

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has an OS command injection vulnerability in the installer. This issue has been patched in version 5.2.3.

CVSS v4.0: 9.2
Severity: CRITICAL
Fixed in: —
Affected Products: 1

Affected packages

baserproject / basercms
< 5.2.3

CVSS Vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References

https://github.com/baserproject/basercms/security/advisories/GHSA-6hpg-8rx3-cwgv
https://basercms.net/security/JVN_20837860
https://github.com/baserproject/basercms/releases/tag/5.2.3

Metrics