instantflorian

4 exploits Active since Nov 2025
CVE-2025-65094 WRITEUP HIGH WRITEUP
WBCE CMS < 1.6.4 - Privilege Escalation via groups[] Parameter Manipulation
WBCE CMS is a content management system. Prior to version 1.6.4, a low-privileged user in WBCE CMS can escalate their privileges to the Administrators group by manipulating the groups[] parameter in the /admin/users/save.php request. The UI restricts users to assigning only their existing group, but server-side validation is missing, allowing attackers to overwrite their group membership and obtain full administrative access. This results in a complete compromise of the CMS. This issue has been patched in version 1.6.4.
CVSS 8.8
CVE-2025-65950 WRITEUP HIGH WRITEUP
WBCE CMS < 1.6.5 - Authenticated SQL Injection via User Management groups[] Parameter
WBCE CMS is a content management system. In versions 1.6.4 and below, the user management module allows a low-privileged authenticated user with permissions to modify users to execute arbitrary SQL queries. This can be escalated to a full database compromise, data exfiltration, effectively bypassing all security controls. The vulnerability exists in the admin/users/save.php script, which handles updates to user profiles. The script improperly processes the groups[] parameter sent from the user edit form. This issue is fixed in version 1.6.5.
CVSS 8.8
CVE-2025-66204 WRITEUP HIGH WRITEUP
WBCE CMS < 1.6.5 - Brute-Force Protection Bypass via X-Forwarded-For Header
WBCE CMS is a content management system. Version 1.6.4 contains a brute-force protection bypass where an attacker can indefinitely reset the counter by modifying `X-Forwarded-For` on each request, gaining unlimited password guessing attempts, effectively bypassing all brute-force protection. The application fully trusts the `X-Forwarded-For` header without validating it or restricting its usage. This issue is fixed in version 1.6.5.
CVSS 8.1
CVE-2025-67504 WRITEUP CRITICAL WRITEUP
WBCE CMS < 1.6.5 - Weak Password Generation via Insecure rand() Usage
WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword() to create passwords using PHP's rand(). rand() is not cryptographically secure, which allows password sequences to be predicted or brute-forced. This can lead to user account compromise or privilege escalation if these passwords are used for new accounts or password resets. The vulnerability is fixed in version 1.6.5.
CVSS 9.1