{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T13:26:19.016","vulnerabilities":[{"cve":{"id":"CVE-2026-30877","sourceIdentifier":"security-advisories@github.com","published":"2026-03-31T01:16:35.830","lastModified":"2026-04-01T20:28:43.797","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injection vulnerability in the update functionality. Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitrary OS commands on the server with the privileges of the user account running baserCMS. This issue has been patched in version 5.2.3."},{"lang":"es","value":"baserCMS es un framework de desarrollo de sitios web. Antes de la versión 5.2.3, existe una vulnerabilidad de inyección de comandos del sistema operativo en la funcionalidad de actualización. Debido a este problema, un usuario autenticado con privilegios de administrador en baserCMS puede ejecutar comandos arbitrarios del sistema operativo en el servidor con los privilegios de la cuenta de usuario que ejecuta baserCMS. Este problema ha sido parcheado en la versión 5.2.3."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*","versionEndExcluding":"5.2.3","matchCriteriaId":"07DEEEF3-0621-431D-8A38-405EDBD0957E"}]}]}],"references":[{"url":"https://basercms.net/security/JVN_20837860","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://github.com/baserproject/basercms/releases/tag/5.2.3","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-m9g7-rgfc-jcm7","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}