CVE-2025-34506

High CVSS: 8.6

WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. Attackers can craft a specially designed ZIP module with embedded PHP reverse shell code to gain remote system access when the module is installed.

Vendor

Wbce

Product

Wbce Cms

CWE

CWE-434

Yayın Tarihi

2025-12-11 22:15:53

Güncelleme

2025-12-15 18:07:41

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-434 Wbce Cms HIGH Wbce 2025

Referanslar

https://github.com/Swammers8/WBCE-v1.6.3-Authenticated-RCE https://github.com/WBCE/WBCE_CMS https://wbce-cms.org/ https://www.exploit-db.com/exploits/52132 https://www.vulncheck.com/advisories/wbce-cms-authenticated-remote-code-execution-via-module-upload https://youtu.be/Dhg5gRe9Dzs?si=-WQoiWU1yqvYNz1e

Benzer Kayıtlar

High

CVE-2022-50936

WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload mal…

Medium

CVE-2023-53909

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malici…

Medium

CVE-2023-53910

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malici…

High

CVE-2023-53901

WBCE CMS 1.6.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML and CSS to c…

High

CVE-2024-58283

WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload mali…

Critical

CVE-2025-65950

WBCE CMS is a content management system. In versions 1.6.4 and below, the user management module allows a low-privileged…