


Perceptive Security
SOC/SIEM Consultancy

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS contains an OS command injection vulnerability in the core update functionality. A…
Published:
30 March 2026 at 22:00:00
Alert date:
31 March 2026 at 02:02:04
Source:
nvd.nist.gov
Web Technologies
baserCMS, a website development framework, contains an OS command injection vulnerability in its core update functionality prior to version 5.2.3. Authenticated administrators can execute arbitrary OS commands on the server due to improper handling of user-controlled input passed directly to exec() without sufficient validation or escaping. The vulnerability allows for complete server compromise through command execution. The issue has been patched in version 5.2.3. Users should immediately upgrade to the patched version to mitigate this critical security risk.
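The pattern described above, as an added example that is not baserCMS code and not taken from the advisory: a hypothetical update helper that concatenates a request value into a shell command line, next to a hardened form that allow-lists the value and escapes the argument. The function names, the `composer require vendor/package` command line and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper names; the command line is a stand-in for whatever
// the real update routine runs. Nothing here is baserCMS source code.

// Vulnerable shape: the request value becomes part of the shell command line.
function buildUpdateCommandUnsafe(string $targetVersion): string
{
    return 'composer require vendor/package:' . $targetVersion;
}

// Hardened shape: allow-list the value first, then escape the argument.
function buildUpdateCommandSafe(string $targetVersion): string
{
    // Accept only dotted numeric versions such as 5.2.3 (\z: no trailing newline).
    if (preg_match('/\A\d+\.\d+\.\d+\z/', $targetVersion) !== 1) {
        throw new InvalidArgumentException('Rejected version string');
    }
    return 'composer require ' . escapeshellarg('vendor/package:' . $targetVersion);
}

// Constructed sample inputs: one expected value, one carrying a shell separator.
$samples = ['5.2.3', '5.2.3; echo INJECTED'];

foreach ($samples as $input) {
    // Unsafe: with the second sample, a shell would see two commands.
    echo 'unsafe: ' . buildUpdateCommandUnsafe($input) . PHP_EOL;
    try {
        echo 'safe:   ' . buildUpdateCommandSafe($input) . PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'safe:   ' . $e->getMessage() . PHP_EOL;
    }
}
// A real caller would pass the safe string to exec($cmd, $output, $exitCode)
// and check $exitCode; the demo only prints so it runs without composer.
```

On PHP 7.4 and later, passing the command to `proc_open()` as an array of arguments avoids the shell entirely, which removes the need for escaping.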
Technical details
Affected products:
baserCMS
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-21861
https://basercms.net/security/JVN_20837860
https://github.com/baserproject/basercms/releases/tag/5.2.3
https://github.com/baserproject/basercms/security/advisories/GHSA-qxmc-6f24-g86g
This article was created with the assistance of AI technology by Perceptive.
