CVE-2026-30877: baserCMS Update Functionality Vulnerable to OS Command Injection

March 31, 2026

The latest version of baserCMS (basercms-5.2.2) contains an OS command injection vulnerability (CWE-78) in its update functionality. Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitrary OS commands on the server with the privileges of the user account running baserCMS.

References

basercms.net/security/JVN_20837860
github.com/advisories/GHSA-m9g7-rgfc-jcm7
github.com/baserproject/basercms
github.com/baserproject/basercms/releases/tag/5.2.3
github.com/baserproject/basercms/security/advisories/GHSA-m9g7-rgfc-jcm7
nvd.nist.gov/vuln/detail/CVE-2026-30877

Code Behaviors & Features

Detect and mitigate CVE-2026-30877 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →