
baserproject — Vulnerabilities & Security Advisories (33)

Browse all 33 CVE security advisories affecting baserproject. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Baserproject is an open-source content management system designed for rapid website creation and management, primarily targeting small to medium enterprises and public sector organizations. Historically, its codebase has exhibited a significant volume of security flaws, with thirty-three CVEs currently documented. These vulnerabilities predominantly stem from insufficient input validation, leading to critical issues such as remote code execution, cross-site scripting, and SQL injection. Additionally, several incidents involve broken access control and privilege escalation, allowing unauthorized users to manipulate administrative functions or execute arbitrary commands on the server. The high frequency of these defects suggests systemic weaknesses in the application’s security architecture and input sanitization processes. While the platform offers functional utility for content publishing, its extensive history of exploitable bugs necessitates rigorous patching and strict access controls for any deployment, highlighting the risks associated with maintaining legacy open-source software without continuous, proactive security auditing.

Top products by baserproject: basercms
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-32734 | baserCMS: Multiple vulnerabilities in baserCMS | basercms | CWE-79 | 7.1 | High | 2026-03-31 |
| CVE-2026-30879 | baserCMS: Cross-site scripting vulnerability in blog post | basercms | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-03-31 |
| CVE-2026-30940 | baserCMS: Path Traversal in Theme File API Leads to Arbitrary File Write and RCE | basercms | CWE-22 | 7.2 | High | 2026-03-31 |
| CVE-2026-30878 | baserCMS: Mail Form Acceptance Bypass via Public API | basercms | CWE-285 | 5.3 | Medium | 2026-03-31 |
| CVE-2026-30877 | baserCMS: OS Command Injection in the baserCMS Update Functionality | basercms | CWE-78 | 9.1 | Critical | 2026-03-31 |
| CVE-2026-30880 | baserCMS: OS command injection vulnerability in installer | basercms | CWE-78 | 9.8 (AI) | Critical (AI) | 2026-03-31 |
| CVE-2026-27697 | baserCMS: SQL injection vulnerability in blog post | basercms | CWE-89 | 9.8 (AI) | Critical (AI) | 2026-03-31 |
| CVE-2026-21861 | baserCMS: OS Command Injection Leading to Remote Code Execution (RCE) | basercms | CWE-78 | 9.1 | Critical | 2026-03-31 |
| CVE-2025-32957 | baserCMS: unsafe File Upload Leading to Remote Code Execution (RCE) | basercms | CWE-434 | 8.7 | High | 2026-03-31 |
| CVE-2024-46998 | baserCMS has a Cross-site Scripting (XSS) Vulnerability in Edit Email Form Settings Feature | basercms | CWE-79 | 7.1 | High | 2024-10-24 |
| CVE-2024-46996 | baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts Feature | basercms | CWE-79 | 6.3 | Medium | 2024-10-24 |
| CVE-2024-46995 | baserCMS has Cross-site Scripting Vulnerability in HTTP 400 Bad Request | basercms | CWE-79 | 6.1 | Medium | 2024-10-24 |
| CVE-2024-46994 | baserCMS has Cross-site Scripting Vulnerability in Blog posts and Contents list Feature | basercms | CWE-79 | 5.4 | Medium | 2024-10-24 |
| CVE-2024-26128 | baserCMS Cross-site Scripting vulnerability in Content Management | basercms | CWE-79 | 5.4 | Medium | 2024-02-22 |
| CVE-2023-51450 | baserCMS OS command injection vulnerability in Installer | basercms | CWE-78 | 5.6 | Medium | 2024-02-22 |
| CVE-2023-44379 | baserCMS Cross-site Scripting vulnerability in Site search Feature | basercms | CWE-79 | 6.1 | Medium | 2024-02-22 |
| CVE-2023-43792 | baserCMS Code Injection Vulnerability in Mail Form Feature | basercms | CWE-94 | 9.8 | - | 2023-10-30 |
| CVE-2023-43649 | baserCMS CSRF vulnerability in Content preview Feature | basercms | CWE-352 | 4.7 | Medium | 2023-10-30 |
| CVE-2023-43648 | baserCMS Directory Traversal vulnerability in Form submission data management Feature | basercms | CWE-22 | 4.9 | Medium | 2023-10-30 |
| CVE-2023-43647 | baserCMS Cross-site Scripting vulnerability in File upload Feature | basercms | CWE-79 | 6.1 | Medium | 2023-10-30 |
| CVE-2023-29009 | basercms XSS Vulnerability via Favorites Feature | basercms | CWE-79 | 6.1 | Medium | 2023-10-27 |
| CVE-2023-25655 | baserCMS allows any file to be uploaded | basercms | CWE-434 | 9.8 | Critical | 2023-03-23 |
| CVE-2023-25654 | baserCMS File Uploader Remote Code Execution (RCE) vulnerability | basercms | CWE-434 | 9.8 | Critical | 2023-03-23 |
| CVE-2022-39325 | Cross-site scripting vulnerability in BaserCMS | basercms | CWE-79 | 4.6 | Medium | 2022-11-25 |
| CVE-2021-41279 | Zip Slip Vulnerability in BaserCMS | basercms | CWE-22 | 7.7 | High | 2021-11-26 |
| CVE-2021-41243 | OS Command Injection Vulnerability and Potential Zip Slip Vulnerability | basercms | CWE-78 | 9.1 | Critical | 2021-11-26 |
| CVE-2021-39136 | Cross-site scripting vulnerability in file upload | basercms | CWE-79 | 8.7 | High | 2021-08-25 |
| CVE-2020-15273 | Cross-Site Scripting in baserCMS | basercms | CWE-79 | 7.3 | High | 2020-10-30 |
| CVE-2020-15276 | Cross Site Scripting in baserCMS | basercms | CWE-79 | 7.7 | High | 2020-10-30 |
| CVE-2020-15277 | Remote Code Execution in baserCMS | basercms | CWE-434 | 7.2 | High | 2020-10-30 |

This page lists every published CVE security advisory associated with baserproject. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.