CVE-2026-30878

Published: Mar 31, 2026Modified: Apr 1, 2026

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: security-advisories@github.com (Secondary)

Description

baserCMS is a website development framework. Prior to version 5.2.3, a public mail submission API allows unauthenticated users to submit mail form entries even when the corresponding form is not accepting submissions. This bypasses administrative controls intended to stop form intake and enables spam or abuse via the API. This issue has been patched in version 5.2.3.

Affected (1)

Products: Basercms: Basercms

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Basercms Basercms	Before 5.2.3

Related CWEs

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

References (4)

https://basercms.net/security/JVN_20837860

Source: security-advisories@github.com

Vendor Advisory

https://github.com/baserproject/basercms/releases/tag/5.2.3

Source: security-advisories@github.com

Release Notes

https://github.com/baserproject/basercms/security/advisories/GHSA-8cr7-r8qw-gp3c

Source: security-advisories@github.com

ExploitVendor Advisory

https://github.com/baserproject/basercms/security/advisories/GHSA-8cr7-r8qw-gp3c

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitVendor Advisory

Timeline

No history available yet.