Description
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog posts. This issue has been patched in version 5.2.3.
Published: 2026-03-31
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection
Action: Patch
AI Analysis

Impact

A SQL injection flaw exists in the blog post handling component of baserCMS, allowing an attacker to insert arbitrary SQL statements. This weakness aligns with CWE-89, where special characters in user input are not properly neutralized. An attacker could potentially read confidential database content, modify or delete records, and compromise data integrity.

Affected Systems

Any installation of baserCMS from baserproject running a version older than 5.2.3 is vulnerable. The issue was addressed in the 5.2.3 release, and later versions are considered safe from this specific flaw.

Risk and Exploitability

The vulnerability has a CVSS v3 score of 6.9, indicating moderate severity. EPSS information is not available, and it is not listed in the CISA Known Exploited Vulnerabilities catalog, suggesting limited public exploitation. The likely attack vector is the web interface that accepts blog post input, as described. No further exploitation conditions are detailed in the advisory.

Generated by OpenCVE AI on March 31, 2026 at 06:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update baserCMS to version 5.2.3 or later immediately
  • Verify that the blog post input form employs proper input validation and sanitization
  • Review your database user privileges to ensure the web application operates with the minimal necessary permissions
  • Scan the application for other potential injection points and apply relevant patches if found

Generated by OpenCVE AI on March 31, 2026 at 06:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-vh89-rjph-2g7p baserCMS has an SQL injection vulnerability in its blog post functionality
History

Tue, 31 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 31 Mar 2026 03:00:00 +0000

Type Values Removed Values Added
Description baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog posts. This issue has been patched in version 5.2.3.
Title baserCMS: SQL injection vulnerability in blog post
Weaknesses CWE-89
References
Metrics cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-31T15:28:00.580Z

Reserved: 2026-02-23T17:56:51.202Z

Link: CVE-2026-27697

cve-icon Vulnrichment

Updated: 2026-03-31T15:27:56.097Z

cve-icon NVD

Status : Received

Published: 2026-03-31T01:16:35.693

Modified: 2026-03-31T01:16:35.693

Link: CVE-2026-27697

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-31T19:56:43Z

Weaknesses