WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary system commands through a user-controlled parameter.
References
| Link | Resource |
|---|---|
| https://github.com/WBCE/WBCE_CMS/archive/refs/tags/1.6.2.zip | Product |
| https://wbce-cms.org/ | Product |
| https://www.exploit-db.com/exploits/52039 | Third Party Advisory VDB Entry |
| https://www.vulncheck.com/advisories/wbce-cms-remote-code-execution-via-elfinder-file-upload | Third Party Advisory |
| https://github.com/WBCE/WBCE_CMS/archive/refs/tags/1.6.2.zip | Product |
Configurations
History
16 Dec 2025, 15:09
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/WBCE/WBCE_CMS/archive/refs/tags/1.6.2.zip - Product | |
| References | () https://wbce-cms.org/ - Product | |
| References | () https://www.exploit-db.com/exploits/52039 - Third Party Advisory, VDB Entry | |
| References | () https://www.vulncheck.com/advisories/wbce-cms-remote-code-execution-via-elfinder-file-upload - Third Party Advisory | |
| First Time |
Wbce
Wbce wbce Cms |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
| CPE | cpe:2.3:a:wbce:wbce_cms:1.6.2:*:*:*:*:*:*:* |
11 Dec 2025, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/WBCE/WBCE_CMS/archive/refs/tags/1.6.2.zip - |
10 Dec 2025, 22:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-12-10 22:16
Updated : 2025-12-16 15:09
NVD link : CVE-2024-58283
Mitre link : CVE-2024-58283
CVE.ORG link : CVE-2024-58283
JSON object : View
Products Affected
wbce
- wbce_cms
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type