CVE-2026-30880
- Source
- https://cve.org/CVERecord?id=CVE-2026-30880
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-30880.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-30880
- Aliases
- Published
- 2026-03-31T00:44:39.344Z
- Modified
- 2026-04-10T05:41:57.129421Z
- Severity
-
- 9.2 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- baserCMS: OS command injection vulnerability in installer
- Details
-
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has an OS command injection vulnerability in the installer. This issue has been patched in version 5.2.3.
- Database specific
{ "cna_assigner": "GitHub_M", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/30xxx/CVE-2026-30880.json", "cwe_ids": [ "CWE-78" ] }- References
-
- https://basercms.net/security/JVN_20837860
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/30xxx/CVE-2026-30880.json
- https://github.com/baserproject/basercms/releases/tag/5.2.3
- https://github.com/baserproject/basercms/security/advisories/GHSA-6hpg-8rx3-cwgv
- https://nvd.nist.gov/vuln/detail/CVE-2026-30880
Affected packages
Git / github.com/baserproject/basercms
Affected versions
2.*
2.0.0
2.0.0-beta
2.0.1
2.0.2
2.0.3
2.1.0
2.1.2
3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.5.1
3.0.6
3.0.6-beta
3.0.7
4.*
4.0.0
4.0.0-beta
4.0.6
4.0.7
4.1.0
4.1.0.1
4.1.1
4.1.2
4.2.2
4.2.4
4.3.0
4.3.3
4.3.5
4.3.6
4.3.7
4.3.7.1
4.4.0
4.4.1.1
4.4.2.1
4.4.3
4.4.4
4.4.6
4.4.8
4.5.0
4.5.1
4.5.2
4.6.0
4.6.1
4.6.1.1
4.6.2
4.7.0
4.7.2
4.7.3
4.7.5
5.*
5.0.0-beta1
5.0.0-beta2
5.0.0-beta3
5.0.0-beta4
5.1.1
5.1.3
5.1.4
5.1.5
5.1.6
5.2.0
5.2.1
5.2.2