{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-30940", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-07T17:34:39.978Z", "datePublished": "2026-03-31T00:45:35.177Z", "dateUpdated": "2026-03-31T00:45:35.177Z"}, "containers": {"cna": {"title": "baserCMS: Path Traversal in Theme File API Leads to Arbitrary File Write and RCE", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-73", "lang": "en", "description": "CWE-73: External Control of File Name or Path", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-c5c6-37vq-pjcq", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-c5c6-37vq-pjcq"}, {"name": "https://basercms.net/security/JVN_20837860", "tags": ["x_refsource_MISC"], "url": "https://basercms.net/security/JVN_20837860"}, {"name": "https://github.com/baserproject/basercms/releases/tag/5.2.3", "tags": ["x_refsource_MISC"], "url": "https://github.com/baserproject/basercms/releases/tag/5.2.3"}], "affected": [{"vendor": "baserproject", "product": "basercms", "versions": [{"version": "< 5.2.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-31T00:45:35.177Z"}, "descriptions": [{"lang": "en", "value": "baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API (/baser/api/admin/bc-theme-file/theme_files/add.json) that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path parameter to create a PHP file in an arbitrary directory outside the theme directory, which may result in remote code execution (RCE). This issue has been patched in version 5.2.3."}], "source": {"advisory": "GHSA-c5c6-37vq-pjcq", "discovery": "UNKNOWN"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*", "matchCriteriaId": "07DEEEF3-0621-431D-8A38-405EDBD0957E", "versionEndExcluding": "5.2.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API (/baser/api/admin/bc-theme-file/theme_files/add.json) that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path parameter to create a PHP file in an arbitrary directory outside the theme directory, which may result in remote code execution (RCE). This issue has been patched in version 5.2.3."}, {"lang": "es", "value": "baserCMS es un framework de desarrollo de sitios web. Antes de la versi\u00f3n 5.2.3, existe una vulnerabilidad de salto de ruta en la API de gesti\u00f3n de archivos de temas (/baser/api/admin/bc-theme-file/theme_files/add.json) que permite la escritura arbitraria de archivos. Un administrador autenticado puede incluir secuencias ../ en el par\u00e1metro de ruta para crear un archivo PHP en un directorio arbitrario fuera del directorio de temas, lo que puede resultar en ejecuci\u00f3n remota de c\u00f3digo (RCE). Este problema ha sido parcheado en la versi\u00f3n 5.2.3."}], "id": "CVE-2026-30940", "lastModified": "2026-04-01T20:26:17.970", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-31T01:16:36.430", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://basercms.net/security/JVN_20837860"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/baserproject/basercms/releases/tag/5.2.3"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-c5c6-37vq-pjcq"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-73"}], "source": "security-advisories@github.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-03-31T05:36:30.704947+00:00", "value": {"mitigation_remediation": ["Apply the official baserCMS patch by upgrading to version 5.2.3 or later", "Verify that only trusted administrators have access to the CMS API, and enforce strong, unique passwords", "Perform a code review of any custom plugins or themes to ensure no directed uploads exist outside the intended directories", "Schedule a follow\u2011up assessment to confirm the vulnerability has been fully remediated"], "summary": {"action": "Patch Immediately", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Systems running baserCMS version 5.2.2 or earlier are vulnerable. The affected component is the theme file management endpoint under /baser/api/admin/bc-theme-file/theme_files/add.json. Only administrators with valid credentials can trigger the payload, so the risk is limited to accounts with elevated privileges on the CMS.", "description_and_impact": "A path traversal flaw in the theme file upload API enables an authenticated administrator to include directory traversal sequences in the path parameter. This capability allows the creation of PHP files outside the intended theme directory, effectively writing arbitrary code into the server\u2019s file system. When such a file is executed, the attacker obtains full control over the application, allowing compromise of confidential data or the entire web platform.", "risk_and_exploitability": "The flaw scores 7.2 on the CVSS scale, indicating moderate-to-high severity. EPSS data is not available, and the vulnerability is not listed in the KEV catalog, suggesting no known widespread exploitation yet. However, because the API endpoint is authenticated and the attack can be carried out with the same privileges an administrator holds, the potential impact is high. Once the attacker writes a malicious PHP file, the system effectively becomes a backdoor for further attacks, making timely remediation crucial."}}}}, "created": "2026-03-31T19:56:39.719682+00:00", "updated": "2026-03-31T19:56:39.719707+00:00", "vendors": []}