Basercms

Basercms

68 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2026-32734

  • EPSS 0.03%
  • Veröffentlicht 31.03.2026 00:46:43
  • Zuletzt bearbeitet 01.04.2026 18:56:51

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has DOM-based cross-site scripting in tag creation. This issue has been patched in version 5.2.3.

6.1

CVE-2026-30879

  • EPSS 0.03%
  • Veröffentlicht 31.03.2026 00:45:50
  • Zuletzt bearbeitet 01.04.2026 20:27:36

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a cross-site scripting vulnerability in blog posts. This issue has been patched in version 5.2.3.

7.2

CVE-2026-30940

Exploit
  • EPSS 0.26%
  • Veröffentlicht 31.03.2026 00:45:35
  • Zuletzt bearbeitet 01.04.2026 20:26:17

baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API (/baser/api/admin/bc-theme-file/theme_files/add.json) that allows arbitrary file write. An authenticated admin...

5.3

CVE-2026-30878

Exploit
  • EPSS 0.04%
  • Veröffentlicht 31.03.2026 00:45:21
  • Zuletzt bearbeitet 01.04.2026 20:28:15

baserCMS is a website development framework. Prior to version 5.2.3, a public mail submission API allows unauthenticated users to submit mail form entries even when the corresponding form is not accepting submissions. This bypasses administrative con...

7.2

CVE-2026-30877

  • EPSS 0.21%
  • Veröffentlicht 31.03.2026 00:45:09
  • Zuletzt bearbeitet 01.04.2026 20:28:43

baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injection vulnerability in the update functionality. Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitrary ...

9.8

CVE-2026-30880

  • EPSS 0.24%
  • Veröffentlicht 31.03.2026 00:44:39
  • Zuletzt bearbeitet 01.04.2026 20:27:00

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has an OS command injection vulnerability in the installer. This issue has been patched in version 5.2.3.

9.8

CVE-2026-27697

  • EPSS 0.04%
  • Veröffentlicht 31.03.2026 00:44:20
  • Zuletzt bearbeitet 01.04.2026 20:29:10

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog posts. This issue has been patched in version 5.2.3.

7.2

CVE-2026-21861

Exploit
  • EPSS 0.37%
  • Veröffentlicht 31.03.2026 00:43:58
  • Zuletzt bearbeitet 01.04.2026 20:29:39

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS contains an OS command injection vulnerability in the core update functionality. An authenticated administrator can execute arbitrary OS commands on the server due to impro...

7.2

CVE-2025-32957

Exploit
  • EPSS 0.07%
  • Veröffentlicht 31.03.2026 00:43:48
  • Zuletzt bearbeitet 01.04.2026 20:31:57

baserCMS is a website development framework. Prior to version 5.2.3, the application's restore function allows users to upload a .zip file, which is then automatically extracted. A PHP file inside the archive is included using require_once without va...

5.4

CVE-2024-46998

  • EPSS 1.06%
  • Veröffentlicht 24.10.2024 19:15:14
  • Zuletzt bearbeitet 28.10.2024 15:32:34

baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Edit Email Form Settings Feature. Version 5.1.2 fixes the issue.