pkg:Packagist/baserproject/basercms

56 total CVEs: CRITICAL 6, HIGH 21, MEDIUM 24

All known vulnerabilities

  • CRITICAL 9.8, CVE-2023-25655: baserCMS allows any file to be uploaded
    from 0, < 4.7.5
  • CRITICAL 9.8, CVE-2023-25654: baserCMS File Uploader Remote Code Execution (RCE) vulnerability
    from 0, < 4.7.5
  • CRITICAL 9.8, CVE-2017-10842: baserCMS SQL Injection vulnerability
    from 0, < 3.0.15
  • CRITICAL 9.1, CVE-2026-30877: baserCMS Update Functionality Vulnerable to OS Command Injection
    from 0, < 5.2.3
  • CRITICAL 9.1, CVE-2026-21861: baserCMS has OS Command Injection Leading to Remote Code Execution (RCE)
    from 0, < 5.2.3
  • CRITICAL 9.1, CVE-2021-41243: OS Command Injection Vulnerability and Potential Zip Slip Vulnerability in baserCMS
    from 0, < 4.5.4
  • HIGH 8.8, CVE-2016-4881: CSRF in baserCMS 3.0.10 and earlier
    from 0, < 3.0.11
  • HIGH 8.8, CVE-2016-4878: baserCMS Cross Site Request Forgery vulnerability
    from 0, < 3.0.11
  • HIGH 8.8, CVE-2018-0569: OS Command Injection in baserCMS
    >= 4.0.0, <= 4.1.0.1
  • HIGH 8.8, CVE-2017-10844: Code Injection in baserCMS
    from 0, <= 3.0.14
  • HIGH 8.8, CVE-2016-4879: CSRF in baserCMS 3.0.10 and earlier
    from 0, <= 3.0.10
  • HIGH 8.7, CVE-2025-32957: baserCMS has Unsafe File Upload Leading to Remote Code Execution (RCE)
    from 0, < 5.2.3
  • HIGH 8.7, CVE-2021-39136: Cross-site scripting vulnerability in file upload
    from 0, < 4.5.1
  • HIGH 8.1, CVE-2018-0572: baserCMS vulnerable to Access Control Bypass
    >= 4.0.0, < 4.1.1
  • HIGH 7.7, CVE-2021-41279: Potential Zip Slip Vulnerability in baserCMS
    from 0, < 4.5.4
  • HIGH 7.7, CVE-2020-15276: Blog comment posting, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0
    >= 4.4.0, < 4.4.1
  • HIGH 7.6, CVE-2020-15159: Cross Site Scripting and RCE in baserCMS
    >= 4.0.0, < 4.3.7
  • HIGH 7.5, CVE-2017-10843: Arbitrary file delete in baserCMS
    from 0, < 3.0.15
  • HIGH 7.3, CVE-2020-15273: Edit feed settings and others, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0
    >= 4.4.0, < 4.4.1
  • HIGH 7.3, CVE-2020-15155: Cross Site Scripting(XSS) Vulnerability in Latest Release 4.3.6 Site basic settings
    >= 4.0.0, < 4.3.7
  • HIGH 7.3, CVE-2020-15154: Cross Site Scripting in baserCMS
    >= 4.0.0, < 4.3.7
  • HIGH 7.2, CVE-2026-30940: baserCMS Path Traversal Leads to Arbitrary File Write and RCE via Theme File API
    from 0, < 5.2.3
  • HIGH 7.2, CVE-2018-18942: RCE in baserCMS before 4.1.4
    from 0, < 4.1.4
  • HIGH 7.2, CVE-2021-20682: OS Command Injection in baserCMS
    from 0, < 4.4.5
  • HIGH 7.2, CVE-2020-15277: Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0
    >= 4.4.0, < 4.4.1
  • HIGH 7.1, CVE-2026-32734: baserCMS is Vulnerable to Cross-site Scripting
    from 0, < 5.2.3
  • HIGH 7.1, CVE-2024-46998: baserCMS has a Cross-site Scripting (XSS) Vulnerability in Edit Email Form Settings Feature
    from 0, < 5.1.2
  • MEDIUM 6.3, CVE-2024-46996: baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts Feature
    from 0, < 5.1.2
  • MEDIUM 6.1, CVE-2024-46995: baserCMS has a Cross-site Scripting (XSS) Vulnerability in HTTP 400 Bad Request
    from 0, < 5.1.2
  • MEDIUM 6.1, CVE-2023-44379: baserCMS Cross-site Scripting vulnerability in Site search Feature
    from 0, < 5.0.9
  • MEDIUM 6.1, CVE-2023-43647: baserCMS Cross-site Scripting vulnerability in File upload Feature
    from 0, < 4.8.0
  • MEDIUM 6.1, CVE-2023-29009: baserCMS Cross-site Scripting Vulnerability in Favorites Feature
    from 0, < 4.8.0
  • MEDIUM 6.1, CVE-2018-0574: XSS in baserCMS
    >= 4.0.0, <= 4.1.0.1
  • MEDIUM 5.6, CVE-2023-51450: baserCMS OS command injection vulnerability in Installer
    from 0, < 5.0.9
  • MEDIUM 5.4, CVE-2024-46994: baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts and Contents list Feature
    from 0, < 5.1.2
  • MEDIUM 5.4, CVE-2024-26128: baserCMS Cross-site Scripting vulnerability in Content Management
    from 0, < 5.0.9
  • MEDIUM 5.4, CVE-2016-4880: baserCMS Cross-site Scripting vulnerability
    from 0, < 3.0.11
  • MEDIUM 5.4, CVE-2018-0570: XSS in baserCMS
    >= 4.0.0, <= 4.1.0.1
  • MEDIUM 5.4, CVE-2021-20683: Cross-site Scripting (XSS) in baserCMS
    from 0, < 4.4.5
  • MEDIUM 5.4, CVE-2021-20681: Cross-site Scripting (XSS) in baserCMS
    from 0, < 4.4.5
  • MEDIUM 5.3, CVE-2026-30878: baserCMS has Mail Form Acceptance Bypass via Public API
    from 0, < 5.2.3
  • MEDIUM 5.3, CVE-2023-43792: baserCMS Code Injection Vulnerability in Mail Form Feature
    >= 4.6.0, <= 4.7.6
  • MEDIUM 5.3, CVE-2018-0575: Sensitive Data Exposure in baserCMS
    >= 4.0.0, <= 4.1.0.1
  • MEDIUM 5.3, CVE-2018-0573: baserCMS Access Control Bypass
    from 0, < 3.0.16
  • MEDIUM 4.9, CVE-2023-43648: baserCMS Directory Traversal vulnerability in Form submission data management Feature
    from 0, < 4.8.0
  • MEDIUM 4.8, CVE-2022-42486: baserCMS vulnerable to stored Cross-site Scripting
    from 0, < 4.7.2
  • MEDIUM 4.8, CVE-2022-41994: baserCMS vulnerable to stored Cross-site Scripting
    from 0, < 4.7.2
  • MEDIUM 4.8, CVE-2018-18943: XSS in baserCMS before 4.1.4
    from 0, < 4.1.4
  • MEDIUM 4.7, CVE-2023-43649: baserCMS CSRF vulnerability in Content preview Feature
    from 0, < 4.8.0
  • MEDIUM 4.6, CVE-2022-39325: baserproject/basercms vulnerable to cross-site scripting (XSS) vulnerability
    from 0, < 4.7.2
  • MEDIUM 4.3, CVE-2018-0571: baserCMS arbitrary file upload vulnerability
    >= 4.0.0, < 4.1.1
  • CVE-2026-30880: baserCMS has OS command injection vulnerability in installer
    from 0, < 5.2.3
  • CVE-2026-30879: baserCMS has a cross-site scripting vulnerability in blog posts
    from 0, < 5.2.3
  • CVE-2026-27697: baserCMS has an SQL injection vulnerability in its blog post functionality
    from 0, < 5.2.3
  • CVE-2011-2674: BaserCMS privilege escalation
    from 0, < 1.6.12
  • CVE-2015-5640: baserCMS Access Control Bypass
    from 0, < 3.0.8