CVE-2026-21861
baserCMS · baserCMS
baserCMS contains an OS command injection vulnerability in its core update functionality, allowing authenticated administrators to execute arbitrary commands on the server.
Executive summary
An authenticated administrator can achieve full system compromise in baserCMS by exploiting an OS command injection vulnerability within the core update feature.
Vulnerability
The core update functionality in baserCMS fails to properly validate user-controlled input before passing it to the PHP exec() function. An authenticated user with administrative privileges can therefore inject shell commands, leading to arbitrary code execution on the host operating system.
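To illustrate the class of defect and its fix, the following added example (written for this page, not baserCMS code, and in Python rather than PHP) contrasts interpolating a user-supplied update target into a shell string with validating it against a strict allowlist and executing an argv list without a shell. The archive directory, install path and version format are assumptions made for the illustration.

```python
import re
import shlex
import subprocess

# Constructed example; not baserCMS code. The paths, archive naming scheme
# and version format below are assumptions made for illustration.
ARCHIVE_DIR = "/var/tmp/basercms-updates"
INSTALL_DIR = "/var/www/basercms"

# Allowlist: exactly three dot-separated integer components, e.g. 5.2.3.
VERSION_RE = re.compile(r"^[0-9]+\.[0-9]+\.[0-9]+$")


def validate_version(version: str) -> str:
    """Accept only a strictly formatted version string; reject everything else."""
    if not VERSION_RE.fullmatch(version):
        raise ValueError(f"rejected update target: {version!r}")
    return version


def unsafe_command_line(version: str) -> str:
    """The anti-pattern: user input interpolated into a single string that is
    later handed to a shell (the equivalent of PHP exec("..." . $version)).
    Any shell metacharacter in `version` becomes part of the command."""
    return f"tar -xzf {ARCHIVE_DIR}/basercms-{version}.tar.gz -C {INSTALL_DIR}"


def build_update_argv(version: str) -> list:
    """Hardened form: validate first, then build an argv list that is executed
    without a shell, so every element reaches tar as one literal argument."""
    v = validate_version(version)
    return ["tar", "-xzf", f"{ARCHIVE_DIR}/basercms-{v}.tar.gz", "-C", INSTALL_DIR]


def run_update(version: str) -> int:
    """Run the update with no shell interpretation (not invoked by the test)."""
    argv = build_update_argv(version)
    return subprocess.run(argv, shell=False, check=False).returncode


def contains_shell_metacharacters(s: str) -> bool:
    """True when interpolating `s` into a shell string would alter its structure.
    shlex.quote() returns the input unchanged only for plain [A-Za-z0-9@%+=:,./_-]."""
    return shlex.quote(s) != s
```

The validation step is the real control: a version string matched by the allowlist can never reach exec()/subprocess with a metacharacter in it, and the argv form means that even if the allowlist were relaxed, the argument would still be passed literally rather than parsed by a shell.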
Business impact
While this vulnerability requires administrative authentication, it poses a severe risk of privilege escalation from a web administrator to the operating-system user running the web server, and potentially to root. This could lead to the complete compromise of the hosting server and all hosted data. The CVSS score of 9.1 reflects the critical impact on system integrity and confidentiality.
Remediation
Immediate Action: Update baserCMS to version 5.2.3 or later immediately to resolve the improper input handling in the update module.
Proactive Monitoring: Audit administrative activity logs for unusual command execution patterns and monitor the underlying OS for unauthorized processes originating from the web server user.
Compensating Controls: Apply the principle of least privilege by ensuring the web server process runs with minimal OS permissions, and use security modules such as SELinux or AppArmor to restrict command execution.
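The monitoring item above (processes originating from the web server user) can be turned into a concrete detection. The added example below is not part of the advisory or of baserCMS: it reads constructed process-start events in a JSON-lines shape (the field names, the expected-child baseline and the sample lines are all assumptions for this illustration) and raises an alert whenever a PHP or web server parent spawns an unexpected child as the web server user, rating shells and network tools as high severity.

```python
import json

# Constructed sample of process-start events, in the JSON-lines shape an EDR or
# audit forwarder might emit. Field names and values are assumptions for this example.
SAMPLE_EVENTS = """\
{"ts":"2026-01-10T09:14:02Z","user":"www-data","parent":"php-fpm","comm":"php","argv":["php","/var/www/basercms/bin/cake.php","cache","clear"]}
{"ts":"2026-01-10T09:14:05Z","user":"www-data","parent":"php-fpm","comm":"sh","argv":["sh","-c","whoami"]}
{"ts":"2026-01-10T09:14:06Z","user":"www-data","parent":"php-fpm","comm":"tar","argv":["tar","-xzf","/var/tmp/update.tar.gz"]}
{"ts":"2026-01-10T09:15:11Z","user":"root","parent":"systemd","comm":"sh","argv":["sh","-c","/usr/lib/logrotate/run"]}
{"ts":"2026-01-10T09:16:40Z","user":"www-data","parent":"php-fpm","comm":"nc","argv":["nc","203.0.113.7","4444"]}
{"ts":"2026-01-10T09:17:02Z","user":"www-data","parent":"php-fpm","comm":"id","argv":["id"]}
"""

WEB_USERS = {"www-data", "apache", "nginx", "http"}
WEB_PARENTS = {"php-fpm", "php-fpm8.2", "apache2", "httpd", "php"}
# Children a CMS update might legitimately spawn (assumed baseline; tune it
# from your own observations before deploying).
EXPECTED_CHILDREN = {"php", "tar", "unzip", "git"}
# Interpreters and network tools that rarely have a legitimate reason to be
# spawned by the web server user in production.
SUSPICIOUS_COMM = {"sh", "bash", "dash", "nc", "ncat", "curl", "wget", "python3", "perl", "base64"}


def classify(event: dict):
    """Return an alert dict for one process-start event, or None if it is benign."""
    if event.get("user") not in WEB_USERS or event.get("parent") not in WEB_PARENTS:
        return None
    comm = event.get("comm", "")
    if comm in EXPECTED_CHILDREN:
        return None
    argv = event.get("argv", [])
    severity = "high" if comm in SUSPICIOUS_COMM else "medium"
    reason = f"{event['parent']} spawned {comm} as {event['user']}"
    if comm in {"sh", "bash", "dash"} and "-c" in argv:
        reason += " with an inline shell command"
    return {"ts": event.get("ts"), "severity": severity, "comm": comm,
            "reason": reason, "argv": argv}


def detect(jsonl: str) -> list:
    """Parse JSON-lines events and return alerts in input order.
    Blank and malformed lines are skipped rather than aborting the run."""
    alerts = []
    for line in jsonl.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        alert = classify(event)
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(a["severity"].upper(), a["ts"], a["reason"], a["argv"])
```

On the sample data the rule ignores the `php` and `tar` children of php-fpm and the root-owned logrotate shell, and flags the `sh -c`, `nc` and `id` children spawned as www-data. In practice the baseline of expected children should be recorded from a known-good update run, since a rule this narrow will otherwise produce alerts on every legitimate update.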
Exploitation status
Public Exploit Available: No
Analyst recommendation
Organizations using baserCMS should apply the 5.2.3 patch immediately. Furthermore, administrative access should be strictly controlled and monitored to prevent the exploitation of such high-impact administrative vulnerabilities.