baserCMS OS Command Injection Vulnerability (CVE-2026-30877)
baserCMS prior to version 5.2.3 contains an OS command injection vulnerability in the update functionality, allowing authenticated administrators to execute arbitrary OS commands on the server.
baserCMS is a website development framework. Prior to version 5.2.3, a critical OS command injection vulnerability exists within the update functionality. This flaw allows an attacker, authenticated as an administrator, to inject and execute arbitrary operating system commands on the server hosting baserCMS. The commands are executed with the privileges of the user account running the baserCMS application, potentially leading to complete system compromise. This vulnerability was reported on…
Detection coverage 2
baserCMS Update Command Injection Attempt
criticalDetects potential OS command injection attempts via HTTP requests to the baserCMS update functionality.
baserCMS Suspicious Process Execution from Webserver
highDetects potential command injection exploitation in baserCMS by monitoring for unusual processes spawned by the web server.
Detection queries are kept inside the platform. Get full rules →