RCE in Baserproject Basercms

CVE-2026-30880

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has an OS command injection vulnerability in the installer. This issue has been patched in version 5.2.3.

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.001 (17.4th percentile) — read the EPSS interpretation.

Affected products

Baserproject Basercms — versions < 5.2.3

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

https://github.com/baserproject/basercms/security/advisories/GHSA-6hpg-8rx3-cwgv (x_refsource_CONFIRM)
https://basercms.net/security/JVN_20837860 (x_refsource_MISC)
https://github.com/baserproject/basercms/releases/tag/5.2.3 (x_refsource_MISC)