CVE-2026-30940 | baserproject basercms up to 5.2.2 Theme File Management API add.json path path traversal (GHSA-c5c6-37vq-pjcq)

A vulnerability, which was classified as critical, has been found in baserproject basercms up to 5.2.2. Affected by this vulnerability is an unknown functionality of the file /baser/api/admin/bc-theme-file/theme_files/add.json of the component Theme File Management API. The manipulation of the argument path leads to path traversal.

This vulnerability is traded as CVE-2026-30940. It is possible to initiate the attack remotely. There is no exploit available.

It is advisable to upgrade the affected component.

CVE-2026-30940 | baserproject basercms up to 5.2.2 Theme File Management API add.json path path traversal (GHSA-c5c6-37vq-pjcq)

Post correlati

CVE-2025-10673 | itsourcecode Student Information Management System 1.0 index.php classId sql injection

VDB-254693 | Backdoor.Win32.Armageddon.r Service Port 5859 Password hard-coded password

CVE-2023-48426 | Google Chromecast 5.0 U-Boot Remote Code Execution

CVE-2025-20215 | Cisco Webex Meetings Meeting-join certificate validation (cisco-sa-webex-join-yNXfqHk4)