Zero Day Monitor (ZDM)
CVE-2026-30877 · PATCHED · CVSS 9.1
baserproject · basercms

baserCMS: OS Command Injection in the baserCMS Update Functionality

Description

A vulnerability classified as critical was found in baserproject basercms up to 5.2.2. The affected element is the update function of the User Account Handler component. Manipulation can lead to OS command injection.

Affected Products

Vendor: baserproject
Product: basercms
Versions: < 5.2.3, 5.2.2

References

  • https://github.com/baserproject/basercms/security/advisories/GHSA-m9g7-rgfc-jcm7 (x_refsource_CONFIRM)
  • https://basercms.net/security/JVN_20837860 (x_refsource_MISC)
  • https://github.com/baserproject/basercms/releases/tag/5.2.3 (x_refsource_MISC)

Related News (1 articles)

Tier C · VulDB · 4h ago
CVE-2026-30877 | baserproject basercms up to 5.2.2 User Account update os command injection (GHSA-m9g7-rgfc-jcm7)
→ No new info (linked only)

CVSS 3.1: 9.1 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CISA KEV: ❌ No
Actively exploited: ❌ No
Patch available: 5.2.3
CWE: CWE-78
Published: Mar 31, 2026
Last enriched: 4h ago (v2)
Trending Score: 30
Source articles: 1
Independent: 1
Info Completeness: 9/14
Missing: epss, kev, exploit, iocs, mitre_attack

Related CVEs (5)

  • CRITICAL · CVE-2026-27697 · EXP · baserCMS: SQL injection vulnerability in blog post (Trending: 49)
  • CRITICAL · CVE-2026-30940 · EXP · baserCMS: Path Traversal in Theme File API Leads to Arbitrary File Write and RCE (Trending: 49)
  • MEDIUM · CVE-2026-32734 · EXP · baserCMS: Multiple vulnerabilities in baserCMS (Trending: 42)
  • CRITICAL · CVE-2026-21861 · baserCMS: OS Command Injection Leading to Remote Code Execution (RCE) (Trending: 30)
  • CRITICAL · CVE-2026-30878 · baserCMS: Mail Form Acceptance Bypass via Public API (Trending: 30)

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

  • CVE Published: Mar 31, 2026
  • Discovered by ZDM: Mar 31, 2026
  • Patch Available: Mar 31, 2026
  • Updated: affectedVersions, patchAvailable, description: Mar 31, 2026

Version History

v2 · Tier C · 4h ago (last enriched 4h ago)

Updated affected versions to include 5.2.2, corrected exploit availability to false, and provided a more detailed description of the vulnerability.

affectedVersions, patchAvailable, description (via VulDB)

v1 · 9h ago

Initial creation