PT-2022-17076 · Wbce Cms · Wbce Cms
Published
2022-02-23
·
Updated
2022-03-03
·
CVE-2022-25099
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
WBCE CMS version 1.5.2
Description
A vulnerability in the component /languages/index.php allows attackers to execute arbitrary code via a crafted PHP file.
Recommendations
For WBCE CMS version 1.5.2, consider disabling access to the /languages/index.php component until a patch is available. Restrict the ability to upload or execute PHP files to minimize the risk of exploitation.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Wbce Cms