CVE-2026-30940

Source
https://cve.org/CVERecord?id=CVE-2026-30940
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-30940.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-30940
Aliases
Published
2026-03-31T00:45:35.177Z
Modified
2026-04-10T05:42:02.539296Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
baserCMS: Path Traversal in Theme File API Leads to Arbitrary File Write and RCE
Details

baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API (/baser/api/admin/bc-theme-file/theme_files/add.json) that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path parameter to create a PHP file in an arbitrary directory outside the theme directory, which may result in remote code execution (RCE). This issue has been patched in version 5.2.3.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-22",
        "CWE-73"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/30xxx/CVE-2026-30940.json"
}
References

Affected packages

Git / github.com/baserproject/basercms

Affected ranges

Type
GIT
Repo
https://github.com/baserproject/basercms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "5.2.3"
        }
    ]
}

Affected versions

2.*
2.0.0
2.0.0-beta
2.0.1
2.0.2
2.0.3
2.1.0
2.1.2
3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.5.1
3.0.6
3.0.6-beta
3.0.7
4.*
4.0.0
4.0.0-beta
4.0.6
4.0.7
4.1.0
4.1.0.1
4.1.1
4.1.2
4.2.2
4.2.4
4.3.0
4.3.3
4.3.5
4.3.6
4.3.7
4.3.7.1
4.4.0
4.4.1.1
4.4.2.1
4.4.3
4.4.4
4.4.6
4.4.8
4.5.0
4.5.1
4.5.2
4.6.0
4.6.1
4.6.1.1
4.6.2
4.7.0
4.7.2
4.7.3
4.7.5
5.*
5.0.0-beta1
5.0.0-beta2
5.0.0-beta3
5.0.0-beta4
5.1.1
5.1.3
5.1.4
5.1.5
5.1.6
5.2.0
5.2.1
5.2.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-30940.json"