CVE-2026-30880 — OS Command Injection in Basercms

CWE-78 — OS Command Injection4 documents4 sources

Severity

9.2CRITICALNVD

EPSS

0.2%

top 52.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Baserproject Basercms Basercms

Timeline

PublishedMar 31

Description

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has an OS command injection vulnerability in the installer. This issue has been patched in version 5.2.3.

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages3 packages

▶NVDbasercms/basercms< 5.2.3

▶CVEListV5baserproject/basercms< 5.2.3

▶Packagistbaserproject/basercms< 5.2.3

🔴Vulnerability Details

OSV

baserCMS has OS command injection vulnerability in installer↗2026-03-31

▶

GHSA

baserCMS has OS command injection vulnerability in installer↗2026-03-31

▶

🕵️Threat Intelligence

Wiz

CVE-2026-30880 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶