baserCMS OS Command Injection Vulnerability (CVE-2026-21861)
baserCMS versions prior to 5.2.3 are vulnerable to OS command injection, allowing an authenticated administrator to execute arbitrary commands on the server via maliciously crafted input to the core update functionality.
baserCMS, a website development framework, is susceptible to an OS command injection vulnerability (CVE-2026-21861) in versions prior to 5.2.3. This flaw resides within the core update functionality, where user-controlled input is directly passed to the exec() function without proper sanitization or validation. A successful exploit allows an authenticated administrator to execute arbitrary operating system commands on the underlying server. The vulnerability was reported on March 30, 2026…
Detection coverage (2 rules)
baserCMS Command Injection Attempt via URI
Severity: critical. Detects potential command injection attempts in baserCMS through suspicious URI parameters containing shell commands.
baserCMS Suspicious Process Execution from Web Server
Severity: high. Detects suspicious processes spawned by the web server process which might indicate command injection.
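The two detection ideas above, sketched as an added example (not part of the original page and not the platform's own rules). The event field names, the request path, the `target` parameter and the `updater` command are constructed placeholders, and the web-server process names are assumptions to adapt to the host.

```python
import json
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed process names; adjust to the stack that actually serves baserCMS.
WEB_PARENTS = ("apache2", "httpd", "nginx", "php-fpm", "php-cgi")
SHELLS = {"sh", "bash", "dash"}
# Shell syntax that should not appear in a request parameter or a fixed command.
SHELL_META = re.compile(r"[;|`\n]|&&|\$\(|\$\{")

def suspicious_params(uri):
    """Names of query parameters whose URL-decoded value contains shell syntax."""
    pairs = parse_qsl(urlsplit(uri).query, keep_blank_values=True)
    return [name for name, value in pairs if SHELL_META.search(value)]

def classify_spawn(event):
    """Return None, 'review' or 'alert' for one process-creation event."""
    parent = event["parent_image"].rsplit("/", 1)[-1]
    child = event["image"].rsplit("/", 1)[-1]
    # startswith() also covers versioned worker names such as php-fpm8.2.
    if not parent.startswith(WEB_PARENTS) or child not in SHELLS:
        return None
    # PHP's exec() runs its argument through `sh -c`, so a legitimate update
    # also produces a shell child; chained commands in it are the anomaly.
    return "alert" if SHELL_META.search(event["cmdline"]) else "review"

# Constructed sample data (hypothetical paths and field names, not from a real host).
SAMPLE_URIS = [
    "/baser/admin/example?target=5.2.3",
    "/baser/admin/example?target=5.2.3%3Bid",
]
SAMPLE_EVENTS = """\
{"parent_image": "/usr/sbin/php-fpm8.2", "image": "/bin/sh", "cmdline": "sh -c updater --version 5.2.3"}
{"parent_image": "/usr/sbin/php-fpm8.2", "image": "/bin/sh", "cmdline": "sh -c updater --version 5.2.3;id"}
{"parent_image": "/usr/sbin/cron", "image": "/bin/sh", "cmdline": "sh -c run-parts /etc/cron.daily"}
"""

def run():
    uri_hits = {u: suspicious_params(u) for u in SAMPLE_URIS}
    verdicts = [classify_spawn(json.loads(l)) for l in SAMPLE_EVENTS.splitlines()]
    return uri_hits, verdicts

if __name__ == "__main__":
    print(run())
```

Because the update feature itself shells out, the `review` verdict is expected during legitimate updates; correlating it with the administrator session that triggered the update narrows the triage.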