CVE-2025-65950

HIGH

WBCE CMS < 1.6.5 - Authenticated SQL Injection via User Management groups[] Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-65950. PoCs published by lukasz-rybak.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2025-65950, a time-based blind SQL injection vulnerability in WBCE CMS. It includes a step-by-step proof-of-concept with payload examples and screenshots, demonstrating how a low-privileged user can exploit the `groups[]` parameter in the user management module to execute arbitrary SQL queries.

Description

WBCE CMS is a content management system. In versions 1.6.4 and below, the user management module allows a low-privileged authenticated user with permissions to modify users to execute arbitrary SQL queries. This can be escalated to a full database compromise, data exfiltration, effectively bypassing all security controls. The vulnerability exists in the admin/users/save.php script, which handles updates to user profiles. The script improperly processes the groups[] parameter sent from the user edit form. This issue is fixed in version 1.6.5.

Exploits (1)

nomisec WRITEUP

by lukasz-rybak · poc

https://github.com/lukasz-rybak/CVE-2025-65950

View Code ZIP pw:eip

This repository provides a detailed technical analysis of CVE-2025-65950, a time-based blind SQL injection vulnerability in WBCE CMS. It includes a step-by-step proof-of-concept with payload examples and screenshots, demonstrating how a low-privileged user can exploit the `groups[]` parameter in the user management module to execute arbitrary SQL queries.

Classification

Writeup 100%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: WBCE CMS

Auth required

Prerequisites: Authenticated user account with 'Users - Modify' permissions

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Apr 12, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory, Exploit x_refsource_confirm

https://github.com/WBCE/WBCE_CMS/security/advisories/GHSA-934v-xhx9-j2f3

Patch x_refsource_misc

https://github.com/WBCE/WBCE_CMS/commit/96046178f4c80cf16f7c224054dec7fdadddda7e

View Patch ZIP pw:eip

Release Notes x_refsource_misc

https://github.com/WBCE/WBCE_CMS/releases/tag/1.6.5

Scores

CVSS v3 8.8

EPSS 0.0046

EPSS Percentile 36.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-89

Status published

Products (1)

wbce/wbce_cms < 1.6.5

Published Dec 10, 2025

Tracked Since Feb 18, 2026