EIP-2026-120683

PRE-CVE

WBCE CMS 1.6.4 - Remote Code Execution

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-120683. PoCs published by red.

AI-analyzed exploit summary This exploit demonstrates a Remote Code Execution (RCE) vulnerability in WBCE CMS 1.6.4 via the Droplets module. Authenticated attackers with admin privileges can inject arbitrary PHP code, leading to system compromise.

Description

WBCE CMS 1.6.4 - Remote Code Execution

Exploits (1)

exploitdb WORKING POC
by red · textwebappsmultiple
https://www.exploit-db.com/exploits/52489

This exploit demonstrates a Remote Code Execution (RCE) vulnerability in WBCE CMS 1.6.4 via the Droplets module. Authenticated attackers with admin privileges can inject arbitrary PHP code, leading to system compromise.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: WBCE CMS v1.6.4
Auth required
Prerequisites: admin credentials · access to the Droplets module
mistral-large-3 · analyzed May 19, 2026 Full analysis →

Details

Status pre_cve
Tracked Since May 05, 2026