PT-2025-50504 · Wbce Cms · Wbce Cms

Published: 2025-12-10 · Updated: 2025-12-11 · CVE-2025-65950

CVSS v4.0: 9.4 (Critical)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions

WBCE CMS versions prior to 1.6.5

Description

WBCE CMS is a content management system. Versions 1.6.4 and below contain a flaw in the user management module that allows a low-privileged authenticated user with user modification permissions to execute arbitrary SQL queries. Successful exploitation could lead to a full database compromise and data exfiltration, bypassing security controls. The issue resides in the admin/users/save.php script, specifically in how it handles the groups[] parameter from the user edit form.

Recommendations

Update WBCE CMS to version 1.6.5 or later.

Exploit

Fix

Weakness Enumeration

SQL injection

Related Identifiers

CVE-2025-65950
GHSA-934V-XHX9-J2F3

Affected Products

Wbce Cms