CVE ID :CVE-2025-32957 Published : March 31, 2026, 1:16 a.m. | 21 minutes ago Description :baserCMS is a website development framework. Prior to version 5.2.3, the application's restore function allows users to upload a .zip file, which is then automatically extracted. A PHP file inside the archive is included using require_once without validating or restricting the filename. An attacker can craft a malicious PHP file within the zip and achieve arbitrary code execution when it is included. This issue has been patched in version 5.2.3. Severity: 8.7 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...