CVE-2024-58283

Sažetak

WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary system commands through a user-controlled parameter.

Reference

https://github.com/WBCE/WBCE_CMS/archive/refs/tags/1.6.2.zip
https://wbce-cms.org/
https://www.exploit-db.com/exploits/52039
https://www.vulncheck.com/advisories/wbce-cms-remote-code-execution-via-elfinder-file-upload
https://github.com/WBCE/WBCE_CMS/archive/refs/tags/1.6.2.zip

CVSS

Base:	8.8
Impact:	5.9
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

16-12-2025 - 15:09

Objavljeno

10-12-2025 - 22:16