EUVD-2026-17257
GHSA-vh89-rjph-2g7p
6.9
CVSS 4.0
Share
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X
Lifecycle Timeline
4
Patch Released
Apr 01, 2026 - 02:30 nvd
Patch available
Analysis Generated
Mar 31, 2026 - 01:00 vuln.today
EUVD ID Assigned
Mar 31, 2026 - 01:00 euvd
EUVD-2026-17257
CVE Published
Mar 31, 2026 - 00:44 nvd
MEDIUM 6.9
Tags
Description
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog posts. This issue has been patched in version 5.2.3.
Analysis
SQL injection in baserCMS prior to version 5.2.3 allows unauthenticated remote attackers to execute arbitrary SQL queries through unvalidated input in blog post functionality. The vulnerability affects all versions before 5.2.3 and has been patched; no public exploit code or active exploitation has been confirmed at the time of analysis.
Sign in for full analysis, threat intelligence, and remediation guidance.
Priority Score
35
Low
Medium
High
Critical
KEV: 0
EPSS: +0.0
CVSS: +34
POC: 0
Share
External POC / Exploit Code
Leaving vuln.today
Destination URL
POC code from unknown sources may be malicious, contain backdoors, or be fake.
Always review and test exploit code in a safe, isolated environment (VM/sandbox).
Verify the source reputation and cross-reference with known databases (Exploit-DB, GitHub Security).