Wbce

Wbce Cms

36 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2025-34506

Exploit
  • EPSS 0.84%
  • Veröffentlicht 11.12.2025 21:44:03
  • Zuletzt bearbeitet 15.12.2025 18:07:41

WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. Attackers can craft a specially designed ZIP module with embedded PHP reverse shell code to gain re...

8.8

CVE-2024-58283

Exploit
  • EPSS 0.38%
  • Veröffentlicht 10.12.2025 21:14:54
  • Zuletzt bearbeitet 16.12.2025 15:09:04

WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector t...

8.8

CVE-2025-65950

Exploit
  • EPSS 0.04%
  • Veröffentlicht 10.12.2025 20:39:27
  • Zuletzt bearbeitet 16.12.2025 15:10:47

WBCE CMS is a content management system. In versions 1.6.4 and below, the user management module allows a low-privileged authenticated user with permissions to modify users to execute arbitrary SQL queries. This can be escalated to a full database co...

9.8

CVE-2025-67504

Exploit
  • EPSS 0.04%
  • Veröffentlicht 09.12.2025 03:31:17
  • Zuletzt bearbeitet 11.12.2025 15:52:28

WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword() to create passwords using PHP's rand(). rand() is not cryptographically secure, which allows password sequences to be predicted or brute-forced. T...

8.1

CVE-2025-66204

Exploit
  • EPSS 0.07%
  • Veröffentlicht 08.12.2025 23:50:58
  • Zuletzt bearbeitet 11.12.2025 16:02:38

WBCE CMS is a content management system. Version 1.6.4 contains a brute-force protection bypass where an attacker can indefinitely reset the counter by modifying `X-Forwarded-For` on each request, gaining unlimited password guessing attempts, effecti...

8.8

CVE-2025-65094

Exploit
  • EPSS 0.05%
  • Veröffentlicht 19.11.2025 19:06:21
  • Zuletzt bearbeitet 15.12.2025 14:10:48

WBCE CMS is a content management system. Prior to version 1.6.4, a low-privileged user in WBCE CMS can escalate their privileges to the Administrators group by manipulating the groups[] parameter in the /admin/users/save.php request. The UI restricts...

9.8

CVE-2023-39796

  • EPSS 77.19%
  • Veröffentlicht 10.11.2023 06:15:30
  • Zuletzt bearbeitet 21.11.2024 08:15:56

SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 allows remote unauthenticated attacker to execute arbitrary code via the DB_RECORD_TABLE parameter.

5.4

CVE-2023-46054

Exploit
  • EPSS 0.11%
  • Veröffentlicht 21.10.2023 07:15:07
  • Zuletzt bearbeitet 21.11.2024 08:27:49

Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the website_footer parameter in the admin/settings/save.php component.

5.4

CVE-2023-43871

Exploit
  • EPSS 0.21%
  • Veröffentlicht 28.09.2023 14:15:23
  • Zuletzt bearbeitet 21.11.2024 08:24:55

A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS).

7.2

CVE-2023-38947

Exploit
  • EPSS 0.16%
  • Veröffentlicht 03.08.2023 16:15:12
  • Zuletzt bearbeitet 21.11.2024 08:14:30

An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file.