← Back

Basercms

basercms

Vendor: Basercms • 68 CVEs

CVEs (68)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2016-4877
1Basercms
2Basercms
Mail
May 13, 2026
May 12, 2017
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Cross-site scripting vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-4876
1Basercms
1Basercms
May 13, 2026
May 12, 2017
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators to execute arbitrary PHP code via unspecified vectors.
CVE-2015-7769
1Basercms
1Basercms
May 6, 2026
Feb 19, 2016
N/A· v4
6.3 MEDIUM· v3
6.5 MEDIUM· v2
baserCMS 3.0.2 through 3.0.8 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors.
CVE-2015-5641
1Basercms
1Basercms
May 6, 2026
Oct 6, 2015
N/A· v4
N/A· v3
6.5 MEDIUM· v2
SQL injection vulnerability in baserCMS before 3.0.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-5640
1Basercms
1Basercms
May 6, 2026
Oct 6, 2015
N/A· v4
N/A· v3
6.5 MEDIUM· v2
baserCMS before 3.0.8 allows remote authenticated users to modify arbitrary user settings via a crafted request.
CVE-2012-1248
1Basercms
1Basercms
Apr 29, 2026
May 15, 2012
N/A· v4
N/A· v3
5.1 MEDIUM· v2
app/config/core.php in baserCMS 1.6.15 and earlier does not properly handle installations in shared-hosting environments, which allows remote attackers to hijack sessions by leveraging administrative access to a differen...Show more
app/config/core.php in baserCMS 1.6.15 and earlier does not properly handle installations in shared-hosting environments, which allows remote attackers to hijack sessions by leveraging administrative access to a different domain.Show less
CVE-2011-2674
1Basercms
1Basercms
Apr 29, 2026
Oct 2, 2011
N/A· v4
N/A· v3
4.9 MEDIUM· v2
BaserCMS before 1.6.12 does not properly restrict additions to the membership of the operators group, which allows remote authenticated users to gain privileges via unspecified vectors.
CVE-2011-2673
1Basercms
1Basercms
Apr 29, 2026
Oct 2, 2011
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in BaserCMS before 1.6.13.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.