CVE-2024-58283

HIGH

WBCE CMS 1.6.2 - Authenticated Remote Code Execution via Elfinder File Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-58283. PoCs published by Ahmet Ümit BAYRAM.

AI-analyzed exploit summary: This exploit targets WBCE CMS v1.6.2, leveraging authenticated file upload to achieve remote code execution via a malicious PHP shell. It logs in, uploads a shell disguised as an '.inc' file, and provides a web interface for command execution.

Description

WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary system commands through a user-controlled parameter.

Exploits (1)

exploitdb WORKING POC
by Ahmet Ümit BAYRAM · python · webapps · php
https://www.exploit-db.com/exploits/52039

Classification
Working PoC 95%
Attack Type RCE
Complexity Moderate
Reliability Reliable
Target: WBCE CMS v1.6.2
Auth required
Prerequisites: Valid admin credentials · Access to the admin login page · File upload functionality enabled
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 8.8
EPSS 0.0057
EPSS Percentile 42.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE CWE-434
Status published
Products (2)
wbce/WBCE CMS 1.6.2
wbce/wbce_cms 1.6.2
Published Dec 10, 2025
Tracked Since Feb 18, 2026