Vulnerability-Lookup

CVE-2026-27697 (GCVE-0-2026-27697)

Vulnerability from cvelistv5 – Published: 2026-03-31 00:44 – Updated: 2026-03-31 15:28

Title

baserCMS: SQL injection vulnerability in blog post

Summary

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog posts. This issue has been patched in version 5.2.3.

Severity ?

6.9 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

CWE

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/baserproject/basercms/security…	x_refsource_CONFIRM
	https://basercms.net/security/JVN_20837860	x_refsource_MISC
	https://github.com/baserproject/basercms/releases…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	baserproject	basercms	Affected: < 5.2.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-27697",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-31T15:27:51.222627Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-31T15:28:00.580Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "basercms",
          "vendor": "baserproject",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 5.2.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog posts. This issue has been patched in version 5.2.3."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-31T00:44:20.442Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/baserproject/basercms/security/advisories/GHSA-vh89-rjph-2g7p",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-vh89-rjph-2g7p"
        },
        {
          "name": "https://basercms.net/security/JVN_20837860",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://basercms.net/security/JVN_20837860"
        },
        {
          "name": "https://github.com/baserproject/basercms/releases/tag/5.2.3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/baserproject/basercms/releases/tag/5.2.3"
        }
      ],
      "source": {
        "advisory": "GHSA-vh89-rjph-2g7p",
        "discovery": "UNKNOWN"
      },
      "title": "baserCMS: SQL injection vulnerability in blog post"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-27697",
    "datePublished": "2026-03-31T00:44:20.442Z",
    "dateReserved": "2026-02-23T17:56:51.202Z",
    "dateUpdated": "2026-03-31T15:28:00.580Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-27697\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-03-31T01:16:35.693\",\"lastModified\":\"2026-04-01T20:29:10.060\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog posts. This issue has been patched in version 5.2.3.\"},{\"lang\":\"es\",\"value\":\"baserCMS es un framework de desarrollo de sitios web. Antes de la versi\u00f3n 5.2.3, baserCMS tiene una vulnerabilidad de inyecci\u00f3n SQL en las publicaciones de blog. Este problema ha sido parcheado en la versi\u00f3n 5.2.3.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.3\",\"matchCriteriaId\":\"07DEEEF3-0621-431D-8A38-405EDBD0957E\"}]}]}],\"references\":[{\"url\":\"https://basercms.net/security/JVN_20837860\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/baserproject/basercms/releases/tag/5.2.3\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/baserproject/basercms/security/advisories/GHSA-vh89-rjph-2g7p\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-27697\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-31T15:27:51.222627Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-31T15:27:56.097Z\"}}], \"cna\": {\"title\": \"baserCMS: SQL injection vulnerability in blog post\", \"source\": {\"advisory\": \"GHSA-vh89-rjph-2g7p\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 6.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"LOW\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"baserproject\", \"product\": \"basercms\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 5.2.3\"}]}], \"references\": [{\"url\": \"https://github.com/baserproject/basercms/security/advisories/GHSA-vh89-rjph-2g7p\", \"name\": \"https://github.com/baserproject/basercms/security/advisories/GHSA-vh89-rjph-2g7p\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://basercms.net/security/JVN_20837860\", \"name\": \"https://basercms.net/security/JVN_20837860\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/baserproject/basercms/releases/tag/5.2.3\", \"name\": \"https://github.com/baserproject/basercms/releases/tag/5.2.3\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog posts. This issue has been patched in version 5.2.3.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-89\", \"description\": \"CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-03-31T00:44:20.442Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-27697\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-31T15:28:00.580Z\", \"dateReserved\": \"2026-02-23T17:56:51.202Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-03-31T00:44:20.442Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

JVNDB-2026-000047

Vulnerability from jvndb - Published: 2026-03-27 18:00 - Updated:2026-03-27 18:00

Severity ?

8.1 (High) - cvssV3_0 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Multiple vulnerabilities in baserCMS

Details

baserCMS provided by baserCMS User Community contains multiple vulnerabilities listed below.

Cross-site scripting (CWE-79) - CVE-2026-30879
OS command injection (CWE-78) - CVE-2026-30880
SQL injection (CWE-89) - CVE-2026-27697
Cross-site scripting (CWE-79) - CVE-2026-32734

CVE-2026-30879 Gai Tanaka of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. quanlna2 (Le Nguyen Anh Quan), namdi (Do Ich Nam), minhnn42 (Nguyen Ngoc Minh) of VCSLab - Viettel Cyber Security reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2026-30880 REN XINGDIAN reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2026-27697 Mirai Matsumoto of Future Secure Wave, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2026-32734 quanlna2 (Le Nguyen Anh Quan), namdi (Do Ich Nam), minhnn42 (Nguyen Ngoc Minh) of VCSLab - Viettel Cyber Security reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC coordinated with the developer.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN20837860/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-30879
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-30880
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-27697
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-32734
	OS Command Injection(CWE-78)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	SQL Injection(CWE-89)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

baserCMS Users Community

baserCMS

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000047.html",
  "dc:date": "2026-03-27T18:00+09:00",
  "dcterms:issued": "2026-03-27T18:00+09:00",
  "dcterms:modified": "2026-03-27T18:00+09:00",
  "description": "baserCMS provided by baserCMS User Community contains multiple vulnerabilities listed below.\u003ca href=\u0027https://cwe.mitre.org/data/definitions/79.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027https://cwe.mitre.org/data/definitions/78.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027https://cwe.mitre.org/data/definitions/89.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027https://cwe.mitre.org/data/definitions/79.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003cul\u003e\u003cli\u003eCross-site scripting (CWE-79) - CVE-2026-30879\u003c/li\u003e\u003cli\u003eOS command injection (CWE-78) - CVE-2026-30880\u003c/li\u003e\u003cli\u003eSQL injection (CWE-89) - CVE-2026-27697\u003c/li\u003e\u003cli\u003eCross-site scripting (CWE-79) - CVE-2026-32734\u003c/li\u003e\u003c/ul\u003eCVE-2026-30879\r\nGai Tanaka of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nquanlna2 (Le Nguyen Anh Quan), namdi (Do Ich Nam), minhnn42 (Nguyen Ngoc Minh) of VCSLab - Viettel Cyber Security reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2026-30880\r\nREN XINGDIAN reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2026-27697\r\nMirai Matsumoto of Future Secure Wave, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2026-32734\r\nquanlna2 (Le Nguyen Anh Quan), namdi (Do Ich Nam), minhnn42 (Nguyen Ngoc Minh) of VCSLab - Viettel Cyber Security reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC coordinated with the developer.",
  "link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000047.html",
  "sec:cpe": {
    "#text": "cpe:/a:basercms:basercms",
    "@product": "baserCMS",
    "@vendor": "baserCMS Users Community",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "8.1",
    "@severity": "High",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2026-000047",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN20837860/index.html",
      "@id": "JVN#20837860",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-30879",
      "@id": "CVE-2026-30879",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-30880",
      "@id": "CVE-2026-30880",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-27697",
      "@id": "CVE-2026-27697",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-32734",
      "@id": "CVE-2026-32734",
      "@source": "CVE"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-89",
      "@title": "SQL Injection(CWE-89)"
    }
  ],
  "title": "Multiple vulnerabilities in baserCMS"
}

FKIE_CVE-2026-27697

Vulnerability from fkie_nvd - Published: 2026-03-31 01:16 - Updated: 2026-04-01 14:24

Severity ?

6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Summary

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog posts. This issue has been patched in version 5.2.3.

References

	URL	Tags
	security-advisories@github.com	https://basercms.net/security/JVN_20837860
	security-advisories@github.com	https://github.com/baserproject/basercms/releases/tag/5.2.3
	security-advisories@github.com	https://github.com/baserproject/basercms/security/advisories/GHSA-vh89-rjph-2g7p

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog posts. This issue has been patched in version 5.2.3."
    },
    {
      "lang": "es",
      "value": "baserCMS es un framework de desarrollo de sitios web. Antes de la versi\u00f3n 5.2.3, baserCMS tiene una vulnerabilidad de inyecci\u00f3n SQL en las publicaciones de blog. Este problema ha sido parcheado en la versi\u00f3n 5.2.3."
    }
  ],
  "id": "CVE-2026-27697",
  "lastModified": "2026-04-01T14:24:02.583",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 6.9,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "LOW",
          "vulnConfidentialityImpact": "LOW",
          "vulnIntegrityImpact": "LOW",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-03-31T01:16:35.693",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://basercms.net/security/JVN_20837860"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/baserproject/basercms/releases/tag/5.2.3"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-vh89-rjph-2g7p"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Undergoing Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

GHSA-VH89-RJPH-2G7P

Vulnerability from github – Published: 2026-03-31 22:35 – Updated: 2026-03-31 22:35

Summary

baserCMS has an SQL injection vulnerability in its blog post functionality

Details

baserCMS has a SQL injection vulnerability in blog posts.

Target

baserCMS 5.2.2 and earlier versions

Vulnerability

Malicious SQL may be executed in blog posts.

Countermeasures

Update to the latest version of baserCMS

Please refer to the following page to reference for more information. https://basercms.net/security/JVN_52157568

Credits

Mirai Matsumoto@Future Secure Wave, Inc.

Severity ?

6.9 (Medium)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 5.2.2"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "baserproject/basercms"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-27697"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-31T22:35:08Z",
    "nvd_published_at": "2026-03-31T01:16:35Z",
    "severity": "MODERATE"
  },
  "details": "baserCMS has a SQL injection vulnerability in blog posts.\n\n### Target\nbaserCMS 5.2.2 and earlier versions\n\n### Vulnerability\n\nMalicious SQL may be executed in blog posts.\n\n### Countermeasures\nUpdate to the latest version of baserCMS\n\nPlease refer to the following page to reference for more information.\nhttps://basercms.net/security/JVN_52157568\n\n### Credits\n\nMirai Matsumoto@Future Secure Wave, Inc.",
  "id": "GHSA-vh89-rjph-2g7p",
  "modified": "2026-03-31T22:35:08Z",
  "published": "2026-03-31T22:35:08Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-vh89-rjph-2g7p"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27697"
    },
    {
      "type": "WEB",
      "url": "https://basercms.net/security/JVN_20837860"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/baserproject/basercms"
    },
    {
      "type": "WEB",
      "url": "https://github.com/baserproject/basercms/releases/tag/5.2.3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "baserCMS has an SQL injection vulnerability in its blog post functionality"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-27697 (GCVE-0-2026-27697)

JVNDB-2026-000047

FKIE_CVE-2026-27697

GHSA-VH89-RJPH-2G7P

Target

Vulnerability

Countermeasures

Credits

Tags

Sightings

Nomenclature