Vulnerabilities

Report: CVE-2026-21861 - baserCMS: OS Command Injection Leading to Remote Code Execution (RCE)

2026-03-31 0 views admin

CVE ID :CVE-2026-21861 Published : March 31, 2026, 1:16 a.m. | 21 minutes ago Description :baserCMS is a website development framework. Prior to version 5.2.3, baserCMS contains an OS command injection vulnerability in the core update functionality. An authenticated administrator can execute arbitrary OS commands on the server due to improper handling of user-controlled input that is directly passed to exec() without sufficient validation or escaping. This issue has been patched in version 5.2.3. Severity: 9.1 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-21861

Severity

CRITICAL

Published

March 31, 2026

Impact: command injection

🏷️ Tags

report21861basercmscommandinjectionleadingremoteexecutioncverce

InfinitSec - Latest Cybersecurity, Technology & Gaming News

Report: CVE-2026-21861 - baserCMS: OS Command Injection Leading to Remote Code Execution (RCE)

CVE Details

🏷️ Tags

More from Vulnerabilities

Report: CVE-2026-5156 - Tenda CH22 Parameter QuickIndex formQuickIndex stack-based overflow - Guide

Report: CVE-2026-5157 - code-projects Online Food Ordering System Order order.php cross site scripting

Report: - baserCMS: unsafe File Upload Leading to Remote Code Execution (RCE) CVE-2025-32957

Report: CVE-2026-30878 - baserCMS: Mail Form Acceptance Bypass via Public API

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting