CVE-2026-30877
Published 2026-03-31
Priority: P3 · 55 · high · 7.2 (CVSS 3.1)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.52% (71.4th percentile)
baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injection vulnerability in the update functionality. Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitrary OS commands on the server with the privileges of the user account running baserCMS. This issue has been patched in version 5.2.3.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| basercms | basercms | < 5.2.3 | 5.2.3 |
| baserproject | basercms | < 5.2.3 | 5.2.3 |
| baserproject | basercms | >= 0 < 5.2.3 | 5.2.3 |
GHSA
baserCMS Update Functionality Vulnerable to OS Command Injection
ghsa·2026-03-31
CVE-2026-30877 [CRITICAL] CWE-78 baserCMS Update Functionality Vulnerable to OS Command Injection
### Summary
The latest version of baserCMS (basercms-5.2.2) contains an OS command injection vulnerability (CWE-78) in its update functionality.
Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitrary OS commands on the server with the privileges of the user account running baserCMS.
### Details
Please refer to the attached materials.
[OS Command Injection (baserCMS Update Functionality).pdf](https://github.com/user-attachments/files/25468689/OS.baserCMS.pdf)
### Impact
An authenticated user with administrator privileges in baserCMS can execute OS commands on the server with the privileges of the user account running baserCMS.
OSV
baserCMS Update Functionality Vulnerable to OS Command Injection
osv·2026-03-31
CVE-2026-30877 [CRITICAL] baserCMS Update Functionality Vulnerable to OS Command Injection
No detection rules found.
No public exploits indexed.