Skip to main content

Basercms

62 CVEs product

Monthly

CVE-2026-32734 PHP HIGH PATCH GHSA This Week

DOM-based cross-site scripting in baserCMS tag creation functionality allows remote attackers to execute malicious JavaScript in victim browsers. Affects all baserCMS versions prior to 5.2.3. The vulnerability requires user interaction (CVSS UI:R) but needs no authentication (PR:N), enabling phishing or social engineering attacks. EPSS data not available; no public exploit identified at time of analysis. Vendor-released patch available in version 5.2.3.

XSS Basercms
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-30879 PHP MEDIUM PATCH GHSA This Month

Cross-site scripting (XSS) vulnerability in baserCMS prior to version 5.2.3 allows attackers to inject malicious scripts into blog posts, potentially enabling session hijacking, credential theft, or malware distribution to site visitors. The vulnerability affects the blog post functionality and has been patched in version 5.2.3; no public exploit code or active exploitation has been confirmed at time of analysis.

XSS Basercms
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-30878 PHP MEDIUM PATCH GHSA This Month

baserCMS versions prior to 5.2.3 allow unauthenticated remote attackers to bypass administrative form submission controls via a public mail API, enabling arbitrary form submissions even when the form is configured to reject new entries. This authentication bypass has a CVSS score of 5.3 and permits attackers to inject spam or abuse content without authorization, circumventing intended intake restrictions. Vendor-released patch available in version 5.2.3.

Authentication Bypass Basercms
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-30877 PHP CRITICAL PATCH GHSA Act Now

OS command injection in baserCMS update functionality allows authenticated administrators to execute arbitrary commands on the server with application privileges. Affects baserCMS versions prior to 5.2.3. Vendor-released patch available in version 5.2.3. CVSS 9.1 reflects high impact with changed scope, though exploitation requires high-privilege administrator access (PR:H). No public exploit identified at time of analysis. EPSS data not provided, but attack complexity is low (AC:L) once admin credentials are obtained.

Command Injection Basercms
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.2%
CVE-2026-30880 PHP CRITICAL PATCH GHSA Act Now

OS command injection in baserCMS installer prior to version 5.2.3 allows remote attackers to execute arbitrary system commands during the installation process. The vulnerability exists in the installer component and has been patched in version 5.2.3. Attack complexity appears low given the installer context, though CVSS metrics are unavailable for detailed severity assessment.

Command Injection Basercms
NVD GitHub VulDB
CVSS 4.0
9.2
EPSS
0.3%
CVE-2026-27697 PHP MEDIUM PATCH GHSA This Month

SQL injection in baserCMS prior to version 5.2.3 allows unauthenticated remote attackers to execute arbitrary SQL queries through unvalidated input in blog post functionality. The vulnerability affects all versions before 5.2.3 and has been patched; no public exploit code or active exploitation has been confirmed at the time of analysis.

SQLi Basercms
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-21861 PHP CRITICAL PATCH GHSA Act Now

OS command injection in baserCMS core update functionality allows authenticated administrators to execute arbitrary system commands on the server. The vulnerability affects baserCMS versions prior to 5.2.3, stemming from improper sanitization of user-controlled input passed directly to exec() functions. With CVSS 9.1 (Critical) due to network accessibility, low complexity, and cross-scope impact, this represents a severe risk in multi-tenant or managed hosting environments where administrative boundaries must be enforced. EPSS data not available, no CISA KEV listing confirmed, and authentication requirements (PR:H) limit exploit surface to compromised or malicious administrator accounts.

Command Injection Basercms
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.2%
CVE-2024-46998 PHP MEDIUM PATCH This Month

baserCMS is a website development framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Basercms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-46996 PHP MEDIUM PATCH This Month

baserCMS is a website development framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Basercms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-46995 PHP MEDIUM PATCH This Month

baserCMS is a website development framework. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Basercms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-46994 PHP MEDIUM PATCH This Month

baserCMS is a website development framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Basercms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-26128 PHP MEDIUM PATCH This Month

baserCMS is a website development framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Basercms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-43792 PHP CRITICAL Act Now

baserCMS is a website development framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Basercms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-43649 PHP CRITICAL PATCH Act Now

baserCMS is a website development framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Basercms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-43648 PHP MEDIUM PATCH This Month

baserCMS is a website development framework. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Basercms
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-43647 PHP MEDIUM PATCH This Month

baserCMS is a website development framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload XSS Basercms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-29009 PHP MEDIUM PATCH This Month

baserCMS is a website development framework with WebAPI that runs on PHP8 and CakePHP4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Basercms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-25655 PHP CRITICAL PATCH Act Now

baserCMS is a Content Management system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Basercms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-25654 PHP CRITICAL PATCH Act Now

baserCMS is a Content Management system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Basercms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-42486 PHP MEDIUM PATCH This Month

Stored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Basercms
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-41994 PHP MEDIUM PATCH This Month

Stored cross-site scripting vulnerability in Permission Settings of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Basercms
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-39325 PHP MEDIUM PATCH This Month

BaserCMS is a content management system with a japanese language focus. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Basercms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2021-41279 PHP HIGH PATCH This Week

BaserCMS is an open source content management system with a focus on Japanese language support. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Basercms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-41243 PHP HIGH PATCH This Week

There is a Potential Zip Slip Vulnerability and OS Command Injection Vulnerability on the management system of baserCMS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Command Injection Basercms
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2021-39136 PHP MEDIUM PATCH This Month

baserCMS is an open source content management system with a focus on Japanese language support. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS File Upload Basercms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-20683 PHP MEDIUM PATCH This Month

Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Basercms
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-20682 PHP HIGH PATCH This Week

baserCMS versions prior to 4.4.5 allows a remote attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Basercms
NVD
CVSS 3.1
7.2
EPSS
2.5%
CVE-2021-20681 PHP MEDIUM PATCH This Month

Improper neutralization of JavaScript input in the page editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Basercms
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-15276 PHP HIGH PATCH This Week

baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Basercms
NVD GitHub
CVSS 3.1
8.7
EPSS
1.0%
CVE-2020-15273 PHP HIGH PATCH This Week

baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS File Upload Basercms
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2020-15277 PHP HIGH PATCH This Week

baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE PHP Basercms
NVD GitHub
CVSS 3.1
7.2
EPSS
2.2%
CVE-2020-15159 PHP HIGH PATCH This Week

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS RCE PHP Basercms
NVD GitHub
CVSS 3.1
7.6
EPSS
2.2%
CVE-2020-15155 PHP HIGH PATCH This Week

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Basercms
NVD GitHub
CVSS 3.1
7.3
EPSS
1.3%
CVE-2020-15154 PHP HIGH PATCH This Week

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Basercms
NVD GitHub
CVSS 3.1
7.3
EPSS
1.0%
CVE-2018-18943 PHP MEDIUM POC PATCH This Month

An issue was discovered in baserCMS before 4.1.4. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Basercms
NVD
CVSS 3.0
4.8
EPSS
0.7%
CVE-2018-18942 PHP HIGH POC PATCH This Week

In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote attackers to execute arbitrary PHP code via the admin/theme_configs/form data[ThemeConfig][logo] parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Basercms
NVD GitHub
CVSS 3.0
7.2
EPSS
2.4%
CVE-2018-0575 PHP MEDIUM This Month

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Basercms
NVD
CVSS 3.0
5.3
EPSS
1.2%
CVE-2018-0574 PHP MEDIUM This Month

Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Basercms
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-0573 PHP MEDIUM PATCH This Month

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Basercms
NVD
CVSS 3.0
5.3
EPSS
1.1%
CVE-2018-0572 PHP HIGH PATCH This Week

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Basercms
NVD
CVSS 3.0
8.1
EPSS
1.6%
CVE-2018-0571 PHP MEDIUM PATCH This Month

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Basercms
NVD
CVSS 3.0
4.3
EPSS
1.1%
CVE-2018-0570 PHP MEDIUM This Month

Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to inject arbitrary web script or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Basercms
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-0569 PHP HIGH This Week

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Basercms
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2017-10844 PHP HIGH PATCH This Week

baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows an attacker to execute arbitrary PHP code on the server via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection PHP Basercms
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-10843 PHP HIGH PATCH This Week

baserCMS version 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to delete arbitrary files via unspecified vectors when the "File" field is being used in the mail form. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Basercms
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-10842 PHP CRITICAL PATCH Act Now

SQL injection vulnerability in the baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Basercms
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2016-4887 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Uploader version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Basercms
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-4886 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Basercms
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-4885 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Feed version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Basercms
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-4884 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Basercms
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-4883 MEDIUM PATCH This Month

Cross-site scripting vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Basercms
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-4882 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Basercms
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-4881 PHP HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Basercms
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-4880 PHP MEDIUM PATCH This Month

Cross-site scripting vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Basercms
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-4879 PHP HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Basercms Mail
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2016-4878 PHP HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Basercms
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-4877 MEDIUM PATCH This Month

Cross-site scripting vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Basercms Mail
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2016-4876 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators to execute arbitrary PHP code via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF PHP Basercms
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2015-7769 MEDIUM PATCH This Month

baserCMS 3.0.2 through 3.0.8 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Basercms
NVD
CVSS 3.0
6.3
EPSS
0.6%
CVE-2015-5641 MEDIUM This Month

SQL injection vulnerability in baserCMS before 3.0.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Basercms
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2015-5640 PHP MEDIUM PATCH This Month

baserCMS before 3.0.8 allows remote authenticated users to modify arbitrary user settings via a crafted request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Basercms
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2012-1248 MEDIUM This Month

app/config/core.php in baserCMS 1.6.15 and earlier does not properly handle installations in shared-hosting environments, which allows remote attackers to hijack sessions by leveraging administrative. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. No vendor patch available.

PHP Privilege Escalation Basercms
NVD
CVSS 2.0
5.1
EPSS
1.2%
EPSS 0% CVSS 7.1
HIGH PATCH This Week

DOM-based cross-site scripting in baserCMS tag creation functionality allows remote attackers to execute malicious JavaScript in victim browsers. Affects all baserCMS versions prior to 5.2.3. The vulnerability requires user interaction (CVSS UI:R) but needs no authentication (PR:N), enabling phishing or social engineering attacks. EPSS data not available; no public exploit identified at time of analysis. Vendor-released patch available in version 5.2.3.

XSS Basercms
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in baserCMS prior to version 5.2.3 allows attackers to inject malicious scripts into blog posts, potentially enabling session hijacking, credential theft, or malware distribution to site visitors. The vulnerability affects the blog post functionality and has been patched in version 5.2.3; no public exploit code or active exploitation has been confirmed at time of analysis.

XSS Basercms
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

baserCMS versions prior to 5.2.3 allow unauthenticated remote attackers to bypass administrative form submission controls via a public mail API, enabling arbitrary form submissions even when the form is configured to reject new entries. This authentication bypass has a CVSS score of 5.3 and permits attackers to inject spam or abuse content without authorization, circumventing intended intake restrictions. Vendor-released patch available in version 5.2.3.

Authentication Bypass Basercms
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

OS command injection in baserCMS update functionality allows authenticated administrators to execute arbitrary commands on the server with application privileges. Affects baserCMS versions prior to 5.2.3. Vendor-released patch available in version 5.2.3. CVSS 9.1 reflects high impact with changed scope, though exploitation requires high-privilege administrator access (PR:H). No public exploit identified at time of analysis. EPSS data not provided, but attack complexity is low (AC:L) once admin credentials are obtained.

Command Injection Basercms
NVD GitHub VulDB
EPSS 0% CVSS 9.2
CRITICAL PATCH Act Now

OS command injection in baserCMS installer prior to version 5.2.3 allows remote attackers to execute arbitrary system commands during the installation process. The vulnerability exists in the installer component and has been patched in version 5.2.3. Attack complexity appears low given the installer context, though CVSS metrics are unavailable for detailed severity assessment.

Command Injection Basercms
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

SQL injection in baserCMS prior to version 5.2.3 allows unauthenticated remote attackers to execute arbitrary SQL queries through unvalidated input in blog post functionality. The vulnerability affects all versions before 5.2.3 and has been patched; no public exploit code or active exploitation has been confirmed at the time of analysis.

SQLi Basercms
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

OS command injection in baserCMS core update functionality allows authenticated administrators to execute arbitrary system commands on the server. The vulnerability affects baserCMS versions prior to 5.2.3, stemming from improper sanitization of user-controlled input passed directly to exec() functions. With CVSS 9.1 (Critical) due to network accessibility, low complexity, and cross-scope impact, this represents a severe risk in multi-tenant or managed hosting environments where administrative boundaries must be enforced. EPSS data not available, no CISA KEV listing confirmed, and authentication requirements (PR:H) limit exploit surface to compromised or malicious administrator accounts.

Command Injection Basercms
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

baserCMS is a website development framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Basercms
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

baserCMS is a website development framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Basercms
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

baserCMS is a website development framework. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Basercms
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

baserCMS is a website development framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Basercms
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

baserCMS is a website development framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Basercms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

baserCMS is a website development framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Basercms
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

baserCMS is a website development framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Basercms
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

baserCMS is a website development framework. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Basercms
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

baserCMS is a website development framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload XSS Basercms
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

baserCMS is a website development framework with WebAPI that runs on PHP8 and CakePHP4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Basercms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

baserCMS is a Content Management system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Basercms
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

baserCMS is a Content Management system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Basercms
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM PATCH This Month

Stored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Basercms
NVD
EPSS 1% CVSS 4.8
MEDIUM PATCH This Month

Stored cross-site scripting vulnerability in Permission Settings of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Basercms
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

BaserCMS is a content management system with a japanese language focus. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Basercms
NVD GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

BaserCMS is an open source content management system with a focus on Japanese language support. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Basercms
NVD GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

There is a Potential Zip Slip Vulnerability and OS Command Injection Vulnerability on the management system of baserCMS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Command Injection Basercms
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

baserCMS is an open source content management system with a focus on Japanese language support. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS File Upload Basercms
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Basercms
NVD
EPSS 2% CVSS 7.2
HIGH PATCH This Week

baserCMS versions prior to 4.4.5 allows a remote attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Basercms
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Improper neutralization of JavaScript input in the page editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Basercms
NVD
EPSS 1% CVSS 8.7
HIGH PATCH This Week

baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Basercms
NVD GitHub
EPSS 1% CVSS 8.1
HIGH PATCH This Week

baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS File Upload Basercms
NVD GitHub
EPSS 2% CVSS 7.2
HIGH PATCH This Week

baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE PHP +1
NVD GitHub
EPSS 2% CVSS 7.6
HIGH PATCH This Week

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS RCE PHP +1
NVD GitHub
EPSS 1% CVSS 7.3
HIGH PATCH This Week

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Basercms
NVD GitHub
EPSS 1% CVSS 7.3
HIGH PATCH This Week

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Basercms
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC PATCH This Month

An issue was discovered in baserCMS before 4.1.4. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Basercms
NVD
EPSS 2% CVSS 7.2
HIGH POC PATCH This Week

In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote attackers to execute arbitrary PHP code via the admin/theme_configs/form data[ThemeConfig][logo] parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Basercms
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Basercms
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Basercms
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Basercms
NVD
EPSS 2% CVSS 8.1
HIGH PATCH This Week

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Basercms
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Basercms
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to inject arbitrary web script or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Basercms
NVD
EPSS 1% CVSS 8.8
HIGH This Week

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Basercms
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows an attacker to execute arbitrary PHP code on the server via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection PHP +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

baserCMS version 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to delete arbitrary files via unspecified vectors when the "File" field is being used in the mail form. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Basercms
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

SQL injection vulnerability in the baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Basercms
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Uploader version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Basercms
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Basercms
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Feed version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Basercms
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Basercms
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Cross-site scripting vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Basercms
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Basercms
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Basercms
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Cross-site scripting vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Basercms
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Basercms Mail
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Basercms
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Cross-site scripting vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Basercms Mail
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators to execute arbitrary PHP code via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF PHP Basercms
NVD
EPSS 1% CVSS 6.3
MEDIUM PATCH This Month

baserCMS 3.0.2 through 3.0.8 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Basercms
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

SQL injection vulnerability in baserCMS before 3.0.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Basercms
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

baserCMS before 3.0.8 allows remote authenticated users to modify arbitrary user settings via a crafted request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Basercms
NVD
EPSS 1% CVSS 5.1
MEDIUM This Month

app/config/core.php in baserCMS 1.6.15 and earlier does not properly handle installations in shared-hosting environments, which allows remote attackers to hijack sessions by leveraging administrative. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. No vendor patch available.

PHP Privilege Escalation Basercms
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy