SQL Injection in Baserproject Basercms

CVE-2026-27697

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog posts. This issue has been patched in version 5.2.3.

Vulnerability class: SQL Injection

EPSS: 0.000 (2.1th percentile) — read the EPSS interpretation.

Affected products

Baserproject Basercms — versions < 5.2.3

Weakness classification (CWE)

CWE-89 — SQL Injection

References

https://github.com/baserproject/basercms/security/advisories/GHSA-vh89-rjph-2g7p (x_refsource_CONFIRM)
https://basercms.net/security/JVN_20837860 (x_refsource_MISC)
https://github.com/baserproject/basercms/releases/tag/5.2.3 (x_refsource_MISC)