CVE-2026-27697 — SQL Injection in Basercms

CWE-89 — SQL Injection4 documents4 sources

Severity

6.9MEDIUMNVD

EPSS

0.0%

top 89.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Baserproject Basercms Basercms

Timeline

PublishedMar 31

Description

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog posts. This issue has been patched in version 5.2.3.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages3 packages

▶NVDbasercms/basercms< 5.2.3

▶CVEListV5baserproject/basercms< 5.2.3

▶Packagistbaserproject/basercms< 5.2.3

🔴Vulnerability Details

OSV

baserCMS has an SQL injection vulnerability in its blog post functionality↗2026-03-31

▶

GHSA

baserCMS has an SQL injection vulnerability in its blog post functionality↗2026-03-31

▶

🕵️Threat Intelligence

Wiz

CVE-2026-27697 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶