Basercms

All CVEs

71 total · sorted by risk
  • CVE-2017-10842 · Cri · Aug 29, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    SQL injection vulnerability in baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2026-30880 · Cri · Mar 31, 2026
    risk 0.57 · cvss 9.8 · epss 0.02

    baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has an OS command injection vulnerability in the installer. This issue has been patched in version 5.2.3.

  • CVE-2026-27697 · Cri · Mar 31, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog posts. This issue has been patched in version 5.2.3.

  • CVE-2018-0569 · Hig · Jun 26, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors.

  • CVE-2017-10844 · Hig · Aug 29, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows an attacker to execute arbitrary PHP code on the server via unspecified vectors.

  • CVE-2016-4887 · Hig · May 12, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Uploader version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

  • CVE-2016-4886 · Hig · May 12, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

  • CVE-2016-4885 · Hig · May 12, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Feed version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

  • CVE-2016-4884 · Hig · May 12, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

  • CVE-2016-4882 · Hig · May 12, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

  • CVE-2016-4881 · Hig · May 12, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

  • CVE-2016-4879 · Hig · May 12, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

  • CVE-2016-4878 · Hig · May 12, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

  • CVE-2016-4876 · Hig · May 12, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators to execute arbitrary PHP code via unspecified vectors.

  • CVE-2016-1172 · Hig · Apr 6, 2016
    risk 0.57 · cvss 8.8 · epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the Recruit plugin before 0.9.3 for baserCMS allows remote attackers to hijack the authentication of administrators.

  • CVE-2016-1170 · Hig · Apr 6, 2016
    risk 0.57 · cvss 8.8 · epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the Casebook plugin before 0.9.4 for baserCMS allows remote attackers to hijack the authentication of administrators.

  • CVE-2018-0572 · Hig · Jun 26, 2018
    risk 0.53 · cvss 8.1 · epss 0.02

    baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to bypass access restriction to view or alter restricted content via unspecified vectors.

  • CVE-2026-30877 · Cri · Mar 31, 2026
    risk 0.52 · cvss 9.1 · epss 0.02

    baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injection vulnerability in the update functionality. Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitrary OS commands on the server…

  • CVE-2026-21861 · Cri · Mar 31, 2026
    risk 0.52 · cvss 9.1 · epss 0.02

    baserCMS is a website development framework. Prior to version 5.2.3, baserCMS contains an OS command injection vulnerability in the core update functionality. An authenticated administrator can execute arbitrary OS commands on the server due to improper handling of…

  • CVE-2025-32957 · Hig · Mar 31, 2026
    risk 0.50 · cvss 8.7 · epss 0.01

    baserCMS is a website development framework. Prior to version 5.2.3, the application's restore function allows users to upload a .zip file, which is then automatically extracted. A PHP file inside the archive is included using require_once without validating or restricting the…

  • CVE-2017-10843 · Hig · Aug 29, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    baserCMS version 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to delete arbitrary files via unspecified vectors when the "File" field is being used in the mail form.

  • CVE-2015-7769 · Med · Feb 19, 2016
    risk 0.41 · cvss 6.3 · epss 0.01

    baserCMS 3.0.2 through 3.0.8 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors.

  • CVE-2026-30940 · Hig · Mar 31, 2026
    risk 0.40 · cvss 7.2 · epss 0.01

    baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API (/baser/api/admin/bc-theme-file/theme_files/add.json) that allows arbitrary file write. An authenticated administrator can include ../…

  • CVE-2018-0574 · Med · Jun 26, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2016-1173 · Med · Apr 6, 2016
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-site scripting (XSS) vulnerability in the Menubook plugin before 0.9.3 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2016-1171 · Med · Apr 6, 2016
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-site scripting (XSS) vulnerability in the Recruit plugin before 0.9.3 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2026-32734 · Hig · Mar 31, 2026
    risk 0.39 · cvss 7.1 · epss 0.00

    baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has DOM-based cross-site scripting in tag creation. This issue has been patched in version 5.2.3.

  • CVE-2024-44807 · Med · Oct 11, 2024
    risk 0.35 · cvss 5.3 · epss 0.01

    A directory listing issue in the baserCMS plugin in D-ZERO CO., LTD. BurgerEditor and BurgerEditor Limited Edition before 2.25.1 allows remote attackers to obtain sensitive information by exposing a list of the uploaded files.

  • CVE-2018-0575 · Med · Jun 26, 2018
    risk 0.35 · cvss 5.3 · epss 0.01

    baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors.

  • CVE-2018-0573 · Med · Jun 26, 2018
    risk 0.35 · cvss 5.3 · epss 0.01

    baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors.

  • CVE-2018-0570 · Med · Jun 26, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2016-4883 · Med · May 12, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    Cross-site scripting vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2016-4880 · Med · May 12, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    Cross-site scripting vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2016-4877 · Med · May 12, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    Cross-site scripting vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2026-30879 · Med · Mar 31, 2026
    risk 0.33 · cvss 6.1 · epss 0.00

    baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a cross-site scripting vulnerability in blog posts. This issue has been patched in version 5.2.3.

  • CVE-2018-0571 · Med · Jun 26, 2018
    risk 0.28 · cvss 4.3 · epss 0.01

    baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files.

  • CVE-2026-30878 · Med · Mar 31, 2026
    risk 0.27 · cvss 5.3 · epss 0.00

    baserCMS is a website development framework. Prior to version 5.2.3, a public mail submission API allows unauthenticated users to submit mail form entries even when the corresponding form is not accepting submissions. This bypasses administrative controls intended to stop form…

  • CVE-2024-46998 · Oct 24, 2024
    risk 0.00 · cvss · epss 0.00

    baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Edit Email Form Settings Feature. Version 5.1.2 fixes the issue.

  • CVE-2024-46996 · Oct 24, 2024
    risk 0.00 · cvss · epss 0.00

    baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Blog posts feature. Version 5.1.2 fixes this issue.

  • CVE-2024-46995 · Oct 24, 2024
    risk 0.00 · cvss · epss 0.00

    baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in HTTP 400 Bad Request. Version 5.1.2 fixes this issue.

  • CVE-2024-46994 · Oct 24, 2024
    risk 0.00 · cvss · epss 0.00

    baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in Blog posts and Contents list Feature. Version 5.1.2 fixes this issue.

  • CVE-2024-26128 · Feb 22, 2024
    risk 0.00 · cvss · epss 0.01

    baserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the content management feature. Version 5.0.9 contains a fix for this vulnerability.

  • CVE-2023-51450 · Feb 22, 2024
    risk 0.00 · cvss · epss 0.01

    baserCMS is a website development framework. Prior to version 5.0.9, there is an OS Command Injection vulnerability in the site search feature of baserCMS. Version 5.0.9 contains a fix for this vulnerability.

  • CVE-2023-44379 · Feb 22, 2024
    risk 0.00 · cvss · epss 0.00

    baserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the site search feature. Version 5.0.9 contains a fix for this vulnerability.

  • CVE-2023-43792 · Oct 30, 2023
    risk 0.00 · cvss · epss 0.01

    baserCMS is a website development framework. In versions 4.6.0 through 4.7.6, there is a Code Injection vulnerability in the mail form of baserCMS. As of time of publication, no known patched versions are available.

  • CVE-2023-43649 · Oct 30, 2023
    risk 0.00 · cvss · epss 0.00

    baserCMS is a website development framework. Prior to version 4.8.0, there is a cross site request forgery vulnerability in the content preview feature of baserCMS. Version 4.8.0 contains a patch for this issue.

  • CVE-2023-43648 · Oct 30, 2023
    risk 0.00 · cvss · epss 0.01

    baserCMS is a website development framework. Prior to version 4.8.0, there is a Directory Traversal Vulnerability in the form submission data management feature of baserCMS. Version 4.8.0 contains a patch for this issue.

  • CVE-2023-43647 · Oct 30, 2023
    risk 0.00 · cvss · epss 0.01

    baserCMS is a website development framework. Prior to version 4.8.0, there is a cross-site scripting vulnerability in the file upload feature of baserCMS. Version 4.8.0 contains a patch for this issue.

  • CVE-2023-29009 · Oct 27, 2023
    risk 0.00 · cvss · epss 0.00

    baserCMS is a website development framework with WebAPI that runs on PHP8 and CakePHP4. There is an XSS vulnerability in the Favorites feature of baserCMS. This issue has been patched in version 4.8.0.

  • CVE-2023-25655 · Mar 23, 2023
    risk 0.00 · cvss · epss 0.01

    baserCMS is a Content Management system. Prior to version 4.7.5, any file may be uploaded on the management system of baserCMS. Version 4.7.5 contains a patch.

Page 1 of 2