UNKNOWNCVE-2026-21861
baserCMS: OS Command Injection Leading to Remote Code Execution (RCE)
Platform
php
Component
basercms
Fixed in
5.2.3
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS contains an OS command injection vulnerability in the core update functionality. An authenticated administrator can execute arbitrary OS commands on the server due to improper handling of user-controlled input that is directly passed to exec() without sufficient validation or escaping. This issue has been patched in version 5.2.3.
How to fix
Actualice baserCMS a la versión 5.2.3 o superior. Esta versión contiene la corrección para la vulnerabilidad de inyección de comandos del sistema operativo. La actualización se puede realizar a través del panel de administración de baserCMS o descargando la última versión del sitio web oficial.
Monitor your dependencies automatically
Get notified when new vulnerabilities affect your projects. Free forever.
Start free