PT-2025-50532 · Wbce Cms+1 · Wbce Cms+1
Published
2025-12-10
·
Updated
2025-12-11
·
CVE-2024-58283
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
WBCE CMS version 1.6.2
Description
WBCE CMS version 1.6.2 has a remote code execution issue. Authenticated attackers can upload malicious PHP files using the Elfinder file manager. The file upload functionality within the elfinder connector allows attackers to upload a web shell and execute arbitrary system commands through a user-controlled parameter.
Recommendations
Update WBCE CMS to a version that addresses this issue. As a temporary workaround, restrict access to the Elfinder file manager.
Exploit
Fix
RCE
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Elfinder
Wbce Cms