Description
baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API (/baser/api/admin/bc-theme-file/theme_files/add.json) that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path parameter to create a PHP file in an arbitrary directory outside the theme directory, which may result in remote code execution (RCE). This issue has been patched in version 5.2.3.
Published: 2026-03-31
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

An authenticated administrator can exploit a path traversal flaw in the theme file management API, allowing the creation of arbitrary files outside the intended theme directory. By inserting "../" sequences into the path parameter, an attacker can write a PHP file to any location with write permission, potentially leading to remote code execution. The weakness exemplifies a combination of directory traversal and arbitrary file write, enabling attackers to compromise the integrity of the application and its surrounding filesystem.

Affected Systems

The issue affects baserproject basercms installations running any version before 5.2.3. Only the default theme file API endpoint ( /baser/api/admin/bc-theme-file/theme_files/add.json ) is vulnerable, and it requires a user with administrator privileges.

Risk and Exploitability

The CVSS score of 7.2 indicates a medium to high severity, and the EPSS score of less than 1% suggests that exploitation is currently considered unlikely. The vulnerability is not listed in CISA’s KEV catalog, so there are no widely documented exploits yet. Exploitation requires authenticated access to the admin API; once achieved, the path traversal allows the attacker to place a PHP file anywhere writable, providing a straightforward attack path to remote code execution. The impact is potentially system-wide due to the ability to write files in arbitrary locations.

Generated by OpenCVE AI on April 2, 2026 at 03:18 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade baserCMS to version 5.2.3 or later.
  • If an upgrade cannot be performed immediately, disable write permissions for the theme file API or lock down the directory used for theme files.
  • Restrict access to the admin API to trusted administrators and monitor for suspicious use of file creation endpoints.

Generated by OpenCVE AI on April 2, 2026 at 03:18 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-c5c6-37vq-pjcq baserCMS Path Traversal Leads to Arbitrary File Write and RCE via Theme File API
History

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Baserproject
Baserproject basercms
Vendors & Products Baserproject
Baserproject basercms

Thu, 02 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
First Time appeared Basercms
Basercms basercms
CPEs cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*
Vendors & Products Basercms
Basercms basercms

Tue, 31 Mar 2026 03:00:00 +0000

Type Values Removed Values Added
Description baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API (/baser/api/admin/bc-theme-file/theme_files/add.json) that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path parameter to create a PHP file in an arbitrary directory outside the theme directory, which may result in remote code execution (RCE). This issue has been patched in version 5.2.3.
Title baserCMS: Path Traversal in Theme File API Leads to Arbitrary File Write and RCE
Weaknesses CWE-22
CWE-73
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Basercms Basercms
Baserproject Basercms
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-02T14:46:54.107Z

Reserved: 2026-03-07T17:34:39.978Z

Link: CVE-2026-30940

cve-icon Vulnrichment

Updated: 2026-04-02T14:46:39.387Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-31T01:16:36.430

Modified: 2026-04-01T20:26:17.970

Link: CVE-2026-30940

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-03T09:10:41Z

Weaknesses