CVE-2026-30880: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in baserproject basercms
baserCMS versions prior to 5. 2. 3 contain an OS command injection vulnerability in the installer component. This vulnerability allows an attacker to execute arbitrary operating system commands due to improper neutralization of special elements. The issue has been addressed and patched in version 5. 2. 3. The vulnerability has a critical severity with a CVSS score of 9. 2.
AI Analysis
Technical Summary
CVE-2026-30880 is an OS command injection vulnerability (CWE-78) in baserCMS, a website development framework. The flaw exists in the installer prior to version 5.2.3, where user input is not properly sanitized before being used in OS commands. This can lead to remote code execution by an unauthenticated attacker. The vulnerability is fixed in baserCMS version 5.2.3.
Potential Impact
An attacker exploiting this vulnerability could execute arbitrary OS commands on the affected system without authentication, potentially leading to full system compromise. The CVSS 4.0 score of 9.2 indicates critical impact with network attack vector and no user interaction required.
Mitigation Recommendations
Upgrade baserCMS to version 5.2.3 or later, where this OS command injection vulnerability has been patched. No other mitigation is required as the vendor has provided an official fix.
CVE-2026-30880: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in baserproject basercms
Description
baserCMS versions prior to 5. 2. 3 contain an OS command injection vulnerability in the installer component. This vulnerability allows an attacker to execute arbitrary operating system commands due to improper neutralization of special elements. The issue has been addressed and patched in version 5. 2. 3. The vulnerability has a critical severity with a CVSS score of 9. 2.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-30880 is an OS command injection vulnerability (CWE-78) in baserCMS, a website development framework. The flaw exists in the installer prior to version 5.2.3, where user input is not properly sanitized before being used in OS commands. This can lead to remote code execution by an unauthenticated attacker. The vulnerability is fixed in baserCMS version 5.2.3.
Potential Impact
An attacker exploiting this vulnerability could execute arbitrary OS commands on the affected system without authentication, potentially leading to full system compromise. The CVSS 4.0 score of 9.2 indicates critical impact with network attack vector and no user interaction required.
Mitigation Recommendations
Upgrade baserCMS to version 5.2.3 or later, where this OS command injection vulnerability has been patched. No other mitigation is required as the vendor has provided an official fix.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-06T00:04:56.699Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 69cb1e82e6bfc5ba1d9722c1
Added to database: 3/31/2026, 1:08:18 AM
Last enriched: 4/7/2026, 10:52:56 AM
Last updated: 5/15/2026, 5:50:10 AM
Views: 109
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.