CVE-2024-58283

High CVSS: 8.7

WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary system commands through a user-controlled parameter.

Vendor

Wbce

Product

Wbce Cms

CWE

CWE-434

Yayın Tarihi

2025-12-10 22:16:20

Güncelleme

2025-12-16 15:09:04

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-434 Wbce Cms HIGH Wbce 2025

Referanslar

https://github.com/WBCE/WBCE_CMS/archive/refs/tags/1.6.2.zip https://wbce-cms.org/ https://www.exploit-db.com/exploits/52039 https://www.vulncheck.com/advisories/wbce-cms-remote-code-execution-via-elfinder-file-upload https://github.com/WBCE/WBCE_CMS/archive/refs/tags/1.6.2.zip

Benzer Kayıtlar

High

CVE-2022-50936

WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload mal…

Medium

CVE-2023-53909

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malici…

Medium

CVE-2023-53910

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malici…

High

CVE-2023-53901

WBCE CMS 1.6.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML and CSS to c…

High

CVE-2025-34506

WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrator…

Critical

CVE-2025-65950

WBCE CMS is a content management system. In versions 1.6.4 and below, the user management module allows a low-privileged…