Search
Find a vulnerability
Search criteria
6 vulnerabilities found for WBCE CMS by Wbce
CVE-2022-50936 (GCVE-0-2022-50936)
Vulnerability from nvd – Published: 2026-01-13 22:52 – Updated: 2026-03-05 01:29
VLAI
Title
WBCE CMS 1.5.2 - Remote Code Execution (RCE) (Authenticated)
Summary
WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by crafting a specially designed zip file payload.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/50707 | exploit |
| https://wbce.org/ | product |
| https://wbce.org/de/downloads/ | product |
| https://github.com/WBCE/WBCE_CMS | product |
| https://www.vulncheck.com/advisories/wbce-cms-rem… | third-party-advisory |
Date Public
2022-02-01 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-50936",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T15:48:43.769160Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T19:19:03.651Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WBCE CMS",
"vendor": "Wbce",
"versions": [
{
"status": "affected",
"version": "1.5.2"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wbce:wbce_cms:1.6.5:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Antonio Cuomo (arkantolo)"
}
],
"datePublic": "2022-02-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by crafting a specially designed zip file payload."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T01:29:37.229Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-50707",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/50707"
},
{
"name": "WBCE CMS Official Website",
"tags": [
"product"
],
"url": "https://wbce.org/"
},
{
"name": "WBCE CMS Downloads Page",
"tags": [
"product"
],
"url": "https://wbce.org/de/downloads/"
},
{
"name": "WBCE CMS GitHub Repository",
"tags": [
"product"
],
"url": "https://github.com/WBCE/WBCE_CMS"
},
{
"name": "VulnCheck Advisory: WBCE CMS 1.5.2 - Remote Code Execution (RCE) (Authenticated)",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/wbce-cms-remote-code-execution-rce-authenticated"
}
],
"title": "WBCE CMS 1.5.2 - Remote Code Execution (RCE) (Authenticated)",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2022-50936",
"datePublished": "2026-01-13T22:52:02.201Z",
"dateReserved": "2026-01-11T13:34:26.329Z",
"dateUpdated": "2026-03-05T01:29:37.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-34506 (GCVE-0-2025-34506)
Vulnerability from nvd – Published: 2025-12-11 21:44 – Updated: 2026-04-07 14:09
VLAI
Title
WBCE CMS 1.6.3 Authenticated Remote Code Execution via Module Upload
Summary
WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. Attackers can craft a specially designed ZIP module with embedded PHP reverse shell code to gain remote system access when the module is installed.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/52132 | exploit |
| https://wbce-cms.org/ | product |
| https://github.com/WBCE/WBCE_CMS | product |
| https://youtu.be/Dhg5gRe9Dzs?si=-WQoiWU1yqvYNz1e | product |
| https://github.com/Swammers8/WBCE-v1.6.3-Authenti… | technical-description |
| https://www.vulncheck.com/advisories/wbce-cms-aut… | third-party-advisory |
Date Public
2025-04-06 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34506",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-12T19:33:20.317634Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-12T19:33:29.645Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WBCE CMS",
"vendor": "WBCE",
"versions": [
{
"status": "affected",
"version": "1.6.3"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wbce:wbce_cms:1.6.5:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Swammers8"
}
],
"datePublic": "2025-04-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eWBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. Attackers can craft a specially designed ZIP module with embedded PHP reverse shell code to gain remote system access when the module is installed.\u003c/p\u003e"
}
],
"value": "WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. Attackers can craft a specially designed ZIP module with embedded PHP reverse shell code to gain remote system access when the module is installed."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:09:48.640Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-52132",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/52132"
},
{
"name": "WBCE CMS Homepage",
"tags": [
"product"
],
"url": "https://wbce-cms.org/"
},
{
"name": "WBCE CMS GitHub Repository",
"tags": [
"product"
],
"url": "https://github.com/WBCE/WBCE_CMS"
},
{
"name": "YouTube Demonstration",
"tags": [
"product"
],
"url": "https://youtu.be/Dhg5gRe9Dzs?si=-WQoiWU1yqvYNz1e"
},
{
"name": "Swammers8 GitHub Repository",
"tags": [
"technical-description"
],
"url": "https://github.com/Swammers8/WBCE-v1.6.3-Authenticated-RCE"
},
{
"name": "VulnCheck Advisory: WBCE CMS 1.6.3 Authenticated Remote Code Execution via Module Upload",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/wbce-cms-authenticated-remote-code-execution-via-module-upload"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "WBCE CMS 1.6.3 Authenticated Remote Code Execution via Module Upload",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34506",
"datePublished": "2025-12-11T21:44:03.538Z",
"dateReserved": "2025-04-15T19:15:22.611Z",
"dateUpdated": "2026-04-07T14:09:48.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-58283 (GCVE-0-2024-58283)
Vulnerability from nvd – Published: 2025-12-10 21:14 – Updated: 2026-04-07 14:08
VLAI
Title
WBCE CMS 1.6.2 Remote Code Execution via Elfinder File Upload
Summary
WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary system commands through a user-controlled parameter.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/52039 | exploit |
| https://wbce-cms.org/ | product |
| https://github.com/WBCE/WBCE_CMS/archive/refs/tag… | product |
| https://www.vulncheck.com/advisories/wbce-cms-rem… | third-party-advisory |
Date Public
2024-06-03 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-58283",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-11T15:43:32.959358Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T18:51:34.057Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/WBCE/WBCE_CMS/archive/refs/tags/1.6.2.zip"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WBCE CMS",
"vendor": "wbce",
"versions": [
{
"status": "affected",
"version": "1.6.2"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wbce:wbce_cms:1.6.5:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ahmet \u00dcmit BAYRAM"
}
],
"datePublic": "2024-06-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eWBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary system commands through a user-controlled parameter.\u003c/p\u003e"
}
],
"value": "WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary system commands through a user-controlled parameter."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:08:36.289Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-52039",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/52039"
},
{
"name": "WBCE CMS Homepage",
"tags": [
"product"
],
"url": "https://wbce-cms.org/"
},
{
"name": "WBCE CMS GitHub Repository",
"tags": [
"product"
],
"url": "https://github.com/WBCE/WBCE_CMS/archive/refs/tags/1.6.2.zip"
},
{
"name": "VulnCheck Advisory: WBCE CMS 1.6.2 Remote Code Execution via Elfinder File Upload",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/wbce-cms-remote-code-execution-via-elfinder-file-upload"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "WBCE CMS 1.6.2 Remote Code Execution via Elfinder File Upload",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-58283",
"datePublished": "2025-12-10T21:14:54.713Z",
"dateReserved": "2025-12-10T14:35:24.455Z",
"dateUpdated": "2026-04-07T14:08:36.289Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-50936 (GCVE-0-2022-50936)
Vulnerability from cvelistv5 – Published: 2026-01-13 22:52 – Updated: 2026-03-05 01:29
VLAI
Title
WBCE CMS 1.5.2 - Remote Code Execution (RCE) (Authenticated)
Summary
WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by crafting a specially designed zip file payload.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/50707 | exploit |
| https://wbce.org/ | product |
| https://wbce.org/de/downloads/ | product |
| https://github.com/WBCE/WBCE_CMS | product |
| https://www.vulncheck.com/advisories/wbce-cms-rem… | third-party-advisory |
Date Public
2022-02-01 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-50936",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T15:48:43.769160Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T19:19:03.651Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WBCE CMS",
"vendor": "Wbce",
"versions": [
{
"status": "affected",
"version": "1.5.2"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wbce:wbce_cms:1.6.5:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Antonio Cuomo (arkantolo)"
}
],
"datePublic": "2022-02-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by crafting a specially designed zip file payload."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T01:29:37.229Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-50707",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/50707"
},
{
"name": "WBCE CMS Official Website",
"tags": [
"product"
],
"url": "https://wbce.org/"
},
{
"name": "WBCE CMS Downloads Page",
"tags": [
"product"
],
"url": "https://wbce.org/de/downloads/"
},
{
"name": "WBCE CMS GitHub Repository",
"tags": [
"product"
],
"url": "https://github.com/WBCE/WBCE_CMS"
},
{
"name": "VulnCheck Advisory: WBCE CMS 1.5.2 - Remote Code Execution (RCE) (Authenticated)",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/wbce-cms-remote-code-execution-rce-authenticated"
}
],
"title": "WBCE CMS 1.5.2 - Remote Code Execution (RCE) (Authenticated)",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2022-50936",
"datePublished": "2026-01-13T22:52:02.201Z",
"dateReserved": "2026-01-11T13:34:26.329Z",
"dateUpdated": "2026-03-05T01:29:37.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-34506 (GCVE-0-2025-34506)
Vulnerability from cvelistv5 – Published: 2025-12-11 21:44 – Updated: 2026-04-07 14:09
VLAI
Title
WBCE CMS 1.6.3 Authenticated Remote Code Execution via Module Upload
Summary
WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. Attackers can craft a specially designed ZIP module with embedded PHP reverse shell code to gain remote system access when the module is installed.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/52132 | exploit |
| https://wbce-cms.org/ | product |
| https://github.com/WBCE/WBCE_CMS | product |
| https://youtu.be/Dhg5gRe9Dzs?si=-WQoiWU1yqvYNz1e | product |
| https://github.com/Swammers8/WBCE-v1.6.3-Authenti… | technical-description |
| https://www.vulncheck.com/advisories/wbce-cms-aut… | third-party-advisory |
Date Public
2025-04-06 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34506",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-12T19:33:20.317634Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-12T19:33:29.645Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WBCE CMS",
"vendor": "WBCE",
"versions": [
{
"status": "affected",
"version": "1.6.3"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wbce:wbce_cms:1.6.5:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Swammers8"
}
],
"datePublic": "2025-04-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eWBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. Attackers can craft a specially designed ZIP module with embedded PHP reverse shell code to gain remote system access when the module is installed.\u003c/p\u003e"
}
],
"value": "WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. Attackers can craft a specially designed ZIP module with embedded PHP reverse shell code to gain remote system access when the module is installed."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:09:48.640Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-52132",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/52132"
},
{
"name": "WBCE CMS Homepage",
"tags": [
"product"
],
"url": "https://wbce-cms.org/"
},
{
"name": "WBCE CMS GitHub Repository",
"tags": [
"product"
],
"url": "https://github.com/WBCE/WBCE_CMS"
},
{
"name": "YouTube Demonstration",
"tags": [
"product"
],
"url": "https://youtu.be/Dhg5gRe9Dzs?si=-WQoiWU1yqvYNz1e"
},
{
"name": "Swammers8 GitHub Repository",
"tags": [
"technical-description"
],
"url": "https://github.com/Swammers8/WBCE-v1.6.3-Authenticated-RCE"
},
{
"name": "VulnCheck Advisory: WBCE CMS 1.6.3 Authenticated Remote Code Execution via Module Upload",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/wbce-cms-authenticated-remote-code-execution-via-module-upload"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "WBCE CMS 1.6.3 Authenticated Remote Code Execution via Module Upload",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34506",
"datePublished": "2025-12-11T21:44:03.538Z",
"dateReserved": "2025-04-15T19:15:22.611Z",
"dateUpdated": "2026-04-07T14:09:48.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-58283 (GCVE-0-2024-58283)
Vulnerability from cvelistv5 – Published: 2025-12-10 21:14 – Updated: 2026-04-07 14:08
VLAI
Title
WBCE CMS 1.6.2 Remote Code Execution via Elfinder File Upload
Summary
WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary system commands through a user-controlled parameter.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/52039 | exploit |
| https://wbce-cms.org/ | product |
| https://github.com/WBCE/WBCE_CMS/archive/refs/tag… | product |
| https://www.vulncheck.com/advisories/wbce-cms-rem… | third-party-advisory |
Date Public
2024-06-03 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-58283",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-11T15:43:32.959358Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T18:51:34.057Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/WBCE/WBCE_CMS/archive/refs/tags/1.6.2.zip"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WBCE CMS",
"vendor": "wbce",
"versions": [
{
"status": "affected",
"version": "1.6.2"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wbce:wbce_cms:1.6.5:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ahmet \u00dcmit BAYRAM"
}
],
"datePublic": "2024-06-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eWBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary system commands through a user-controlled parameter.\u003c/p\u003e"
}
],
"value": "WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary system commands through a user-controlled parameter."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:08:36.289Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-52039",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/52039"
},
{
"name": "WBCE CMS Homepage",
"tags": [
"product"
],
"url": "https://wbce-cms.org/"
},
{
"name": "WBCE CMS GitHub Repository",
"tags": [
"product"
],
"url": "https://github.com/WBCE/WBCE_CMS/archive/refs/tags/1.6.2.zip"
},
{
"name": "VulnCheck Advisory: WBCE CMS 1.6.2 Remote Code Execution via Elfinder File Upload",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/wbce-cms-remote-code-execution-via-elfinder-file-upload"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "WBCE CMS 1.6.2 Remote Code Execution via Elfinder File Upload",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-58283",
"datePublished": "2025-12-10T21:14:54.713Z",
"dateReserved": "2025-12-10T14:35:24.455Z",
"dateUpdated": "2026-04-07T14:08:36.289Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}