8.8

CVE-2025-34506

Exploit

WBCE CMS 1.6.3 Authenticated Remote Code Execution via Module Upload

WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. Attackers can craft a specially designed ZIP module with embedded PHP reverse shell code to gain remote system access when the module is installed.
Data provided by the National Vulnerability Database (NVD)
Wbce / Wbce Cms, Version <= 1.6.3
No warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.77% | 0.506
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
disclosure@vulncheck.com | 8.6 | 0 | 0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://github.com/WBCE/WBCE_CMS (Product)
https://wbce-cms.org/ (Product)
https://www.exploit-db.com/exploits/52132 (Third Party Advisory, Exploit, VDB Entry)
https://youtu.be/Dhg5gRe9Dzs?si=-WQoiWU1yqvYNz1e (Exploit)
https://github.com/Swammers8/WBCE-v1.6.3-Authenticated-RCE (Third Party Advisory, Exploit)
https://www.vulncheck.com/advisories/wbce-cms-authenticated-remote-code-execution-via-module-upload (Third Party Advisory)