CVE-2024-58283

HIGH

WBCE CMS - Unrestricted File Upload

Title source: rule

Description

WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the elFinder file manager. Attackers can exploit the file upload functionality in the elFinder connector to upload a web shell and execute arbitrary system commands through a user-controlled parameter.

Exploits (1)

exploitdb WORKING POC
by Ahmet Ümit BAYRAM · python · webapps · php
https://www.exploit-db.com/exploits/52039

Scores

CVSS v3 8.8
EPSS 0.0092
EPSS Percentile 76.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-434
Status published
Products (2)
wbce/WBCE CMS 1.6.2
wbce/wbce_cms 1.6.2
Published Dec 10, 2025
Tracked Since Feb 18, 2026