{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-30940", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-07T17:34:39.978Z", "datePublished": "2026-03-31T00:45:35.177Z", "dateUpdated": "2026-04-02T14:46:54.107Z"}, "containers": {"cna": {"title": "baserCMS: Path Traversal in Theme File API Leads to Arbitrary File Write and RCE", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-73", "lang": "en", "description": "CWE-73: External Control of File Name or Path", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-c5c6-37vq-pjcq", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-c5c6-37vq-pjcq"}, {"name": "https://basercms.net/security/JVN_20837860", "tags": ["x_refsource_MISC"], "url": "https://basercms.net/security/JVN_20837860"}, {"name": "https://github.com/baserproject/basercms/releases/tag/5.2.3", "tags": ["x_refsource_MISC"], "url": "https://github.com/baserproject/basercms/releases/tag/5.2.3"}], "affected": [{"vendor": "baserproject", "product": "basercms", "versions": [{"version": "< 5.2.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-31T00:45:35.177Z"}, "descriptions": [{"lang": "en", "value": "baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API (/baser/api/admin/bc-theme-file/theme_files/add.json) that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path parameter to create a PHP file in an arbitrary directory outside the theme directory, which may result in remote code execution (RCE). This issue has been patched in version 5.2.3."}], "source": {"advisory": "GHSA-c5c6-37vq-pjcq", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-02T14:46:24.039682Z", "id": "CVE-2026-30940", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T14:46:54.107Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-30940", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-02T14:46:24.039682Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T14:46:39.387Z"}}], "cna": {"title": "baserCMS: Path Traversal in Theme File API Leads to Arbitrary File Write and RCE", "source": {"advisory": "GHSA-c5c6-37vq-pjcq", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "baserproject", "product": "basercms", "versions": [{"status": "affected", "version": "< 5.2.3"}]}], "references": [{"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-c5c6-37vq-pjcq", "name": "https://github.com/baserproject/basercms/security/advisories/GHSA-c5c6-37vq-pjcq", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://basercms.net/security/JVN_20837860", "name": "https://basercms.net/security/JVN_20837860", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/baserproject/basercms/releases/tag/5.2.3", "name": "https://github.com/baserproject/basercms/releases/tag/5.2.3", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API (/baser/api/admin/bc-theme-file/theme_files/add.json) that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path parameter to create a PHP file in an arbitrary directory outside the theme directory, which may result in remote code execution (RCE). This issue has been patched in version 5.2.3."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-73", "description": "CWE-73: External Control of File Name or Path"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-31T00:45:35.177Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30940", "state": "PUBLISHED", "dateUpdated": "2026-04-02T14:46:54.107Z", "dateReserved": "2026-03-07T17:34:39.978Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-31T00:45:35.177Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*", "matchCriteriaId": "07DEEEF3-0621-431D-8A38-405EDBD0957E", "versionEndExcluding": "5.2.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API (/baser/api/admin/bc-theme-file/theme_files/add.json) that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path parameter to create a PHP file in an arbitrary directory outside the theme directory, which may result in remote code execution (RCE). This issue has been patched in version 5.2.3."}, {"lang": "es", "value": "baserCMS es un framework de desarrollo de sitios web. Antes de la versi\u00f3n 5.2.3, existe una vulnerabilidad de salto de ruta en la API de gesti\u00f3n de archivos de temas (/baser/api/admin/bc-theme-file/theme_files/add.json) que permite la escritura arbitraria de archivos. Un administrador autenticado puede incluir secuencias ../ en el par\u00e1metro de ruta para crear un archivo PHP en un directorio arbitrario fuera del directorio de temas, lo que puede resultar en ejecuci\u00f3n remota de c\u00f3digo (RCE). Este problema ha sido parcheado en la versi\u00f3n 5.2.3."}], "id": "CVE-2026-30940", "lastModified": "2026-04-01T20:26:17.970", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-31T01:16:36.430", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://basercms.net/security/JVN_20837860"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/baserproject/basercms/releases/tag/5.2.3"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-c5c6-37vq-pjcq"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-73"}], "source": "security-advisories@github.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,5.2.3)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "basercms", "vendor": "baserproject"}], "analysis": {"en": {"generated_at": "2026-04-02T03:18:50.515701+00:00", "value": {"mitigation_remediation": ["Upgrade baserCMS to version 5.2.3 or later.", "If an upgrade cannot be performed immediately, disable write permissions for the theme file API or lock down the directory used for theme files.", "Restrict access to the admin API to trusted administrators and monitor for suspicious use of file creation endpoints."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The issue affects baserproject basercms installations running any version before 5.2.3. Only the default theme file API endpoint ( /baser/api/admin/bc-theme-file/theme_files/add.json ) is vulnerable, and it requires a user with administrator privileges.", "description_and_impact": "An authenticated administrator can exploit a path traversal flaw in the theme file management API, allowing the creation of arbitrary files outside the intended theme directory. By inserting \"../\" sequences into the path parameter, an attacker can write a PHP file to any location with write permission, potentially leading to remote code execution. The weakness exemplifies a combination of directory traversal and arbitrary file write, enabling attackers to compromise the integrity of the application and its surrounding filesystem.", "risk_and_exploitability": "The CVSS score of 7.2 indicates a medium to high severity, and the EPSS score of less than 1% suggests that exploitation is currently considered unlikely. The vulnerability is not listed in CISA\u2019s KEV catalog, so there are no widely documented exploits yet. Exploitation requires authenticated access to the admin API; once achieved, the path traversal allows the attacker to place a PHP file anywhere writable, providing a straightforward attack path to remote code execution. The impact is potentially system-wide due to the ability to write files in arbitrary locations."}}}}, "created": "2026-03-31T19:56:39.719682+00:00", "updated": "2026-04-03T09:10:41.931597+00:00", "vendors": ["baserproject", "baserproject$PRODUCT$basercms"]}