CVE-2025-34506

HIGH

WBCE CMS < 1.6.3 - Authenticated Remote Code Execution via Malicious Module Upload

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-34506. PoCs published by Swammers8.

AI-analyzed exploit summary This exploit creates a malicious WBCE CMS module containing a PHP reverse shell. It packages the module into a zip file and starts a netcat listener to receive the shell connection upon module installation.

Description

WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. Attackers can craft a specially designed ZIP module with embedded PHP reverse shell code to gain remote system access when the module is installed.

Exploits (1)

exploitdb WORKING POC
by Swammers8 · bashwebappsmultiple
https://www.exploit-db.com/exploits/52132

This exploit creates a malicious WBCE CMS module containing a PHP reverse shell. It packages the module into a zip file and starts a netcat listener to receive the shell connection upon module installation.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: WBCE CMS <= v1.6.3
Auth required
Prerequisites: Authenticated access to WBCE CMS admin panel · Ability to upload and install modules
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Scores

CVSS v3 8.8
EPSS 0.0095
EPSS Percentile 76.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-434
Status published
Products (2)
WBCE/WBCE CMS 1.6.3
wbce/wbce_cms < 1.6.3
Published Dec 11, 2025
Tracked Since Feb 18, 2026