306 matches found

Packet Storm
added 2026/04/13 12:0 a.m., 105 views

WBCE CMS Privilege Escalation / Insecure Direct Object Reference

WBCE CMS versions prior to 1.6.4 suffer from insecure direct object reference and privilege escalation vulnerabilities. CVE-2025-65094: WBCE CMS is Vulnerable to Privilege Escalation via Group ID Manipulation IDOR Overview | Field | Details | |---|---| | CVE ID | CVE-2025-65094 | | Severity | HI...

8.8 CVSS, 5.8 AI score, 0.00331 EPSS
Exploits: 3

Packet Storm
added 2026/04/13 12:0 a.m., 91 views

WBCE CMS 1.6.4 Brute Force

WBCE CMS version 1.6.4 suffers from a brute force protection bypass vulnerability. CVE-2025-66204: WBCE CMS allows brute-force protection bypass using X-Forwarded-For header Overview | Field | Details | |---|---| | CVE ID | CVE-2025-66204 | | Severity | MEDIUM | | Advisory | View Advisory | |...

8.1 CVSS, 5.8 AI score, 0.00402 EPSS
Exploits: 2

Packet Storm
added 2026/04/13 12:0 a.m., 87 views

WBCE CMS 1.6.4 SQL Injection

WBCE CMS versions 1.6.4 and below suffer from a remote time-based SQL injection vulnerability via the groups parameter. CVE-2025-65950: WBCE CMS is Vulnerable to Time-Based Blind SQL Injection through groups Parameter Overview | Field | Details | |---|---| | CVE ID | CVE-2025-65950 | | Severity |...

9.4 CVSS, 5.9 AI score, 0.00462 EPSS
Exploits: 3

GithubExploit
added 2026/04/11 7:14 p.m., 110 views

Exploit for Improper Authorization in Wbce Wbce_Cms

CVE-2025-65094: WBCE CMS is Vulnerable to Privilege Escalation...

8.8 CVSS, 5.8 AI score, 0.00331 EPSS
Exploits: 3

GithubExploit
added 2026/04/11 7:13 p.m., 108 views

Exploit for SQL Injection in Wbce Wbce_Cms

CVE-2025-65950: WBCE CMS is Vulnerable to Time-Based Blind SQL...

9.4 CVSS, 6.2 AI score, 0.00462 EPSS
Exploits: 3

Exploit DB
added 2026/04/06 12:0 a.m., 105 views

WBCE CMS 1.6.4 - Remote Code Execution

Exploit Title: WBCE CMS 1.6.4 - Remote Code Execution Date: 2024-10-26 Exploit Author: Chokri Hammedi Vendor Homepage: https://wbce.org/ Software Link: https://github.com/WBCE/WBCECMS/releases/tag/v1.6.4 Version: 1.6.4 Tested on: Linux Debian/Parrot OS Vulnerability Description WBCE CMS version...

5.9 AI score
Exploits: 0

NVD
added 2026/01/13 11:15 p.m., 9 views

CVE-2022-50936

WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by...

8.8 CVSS, 0.00785 EPSS
Exploits: 1, References: 5

OSV
added 2026/01/13 11:15 p.m., 4 views

CVE-2022-50936

WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by...

8.8 CVSS, 6.8 AI score
Exploits: 0, References: 5

Cvelist
added 2026/01/13 10:52 p.m., 24 views

CVE-2022-50936 WBCE CMS 1.5.2 - Remote Code Execution (RCE) (Authenticated)

WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by...

8.8 CVSS, 0.00785 EPSS
Exploits: 1, References: 5

CVE
added 2026/01/13 10:52 p.m., 19 views

CVE-2022-50936

WBCE CMS 1.5.2 is affected by an authenticated remote code execution vulnerability in the admin panel’s droplet upload functionality. Authenticated attackers can craft a zip payload to upload a malicious droplet, enabling arbitrary PHP code execution on the server. This aligns with multiple sourc...

8.8 CVSS, 8.1 AI score, 0.00785 EPSS
Exploits: 1, References: 5, Affected Software: 1

CNNVD
added 2026/01/13 12:0 a.m., 3 views

WBCE CMS Code Issue Vulnerability

WBCE CMS is an open source content management system (CMS) based on PHP and MySQL. A code issue vulnerability exists in WBCE CMS version 1.5.2: an authenticated attacker can upload a malicious droplet via the admin panel, potentially leading to remote...

8.8 CVSS, 6.2 AI score, 0.00785 EPSS
Exploits: 1, References: 5

Positive Technologies
added 2026/01/13 12:0 a.m., 7 views

PT-2026-2412

Name of the Vulnerable Software and Affected Versions WBCE CMS version 1.5.2 Description The software contains an authenticated remote code execution issue. Attackers can upload malicious droplets through the admin panel. Specifically, authenticated attackers can exploit the droplet upload...

8.8 CVSS, 6.6 AI score, 0.00785 EPSS
Exploits: 1, References: 8

RedhatCVE
added 2025/12/18 11:36 p.m., 5 views

CVE-2023-53910

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by inserting script tags into page content through the WYSIWYG editor. Attackers can submit POST requests to /wbce/modules/wysiwyg/save.php with malicious script...

5.4 CVSS, 6.1 AI score, 0.00267 EPSS
Exploits: 1, References: 1

OSV
added 2025/12/17 11:15 p.m., 3 views

CVE-2023-53909

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by uploading crafted SVG files through the media manager. Attackers can upload SVG files containing script tags to the...

5.4 CVSS, 6.1 AI score
Exploits: 0, References: 3

NVD
added 2025/12/17 11:15 p.m., 6 views

CVE-2023-53910

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by inserting script tags into page content through the WYSIWYG editor. Attackers can submit POST requests to /wbce/modules/wysiwyg/save.php with malicious script...

5.4 CVSS, 0.00267 EPSS
Exploits: 1, References: 3

CVE
added 2025/12/17 10:44 p.m., 11 views

CVE-2023-53910

WBCE CMS 1.6.1 has a stored XSS vulnerability in the WYSIWYG editor: authenticated attackers can inject JavaScript by sending malicious content to /wbce/modules/wysiwyg/save.php (content parameter), which executes when pages are viewed. Root cause: improper input handling in page content. Impact:...

5.4 CVSS, 5.7 AI score, 0.00267 EPSS
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2025/12/17 10:44 p.m., 19 views

CVE-2023-53909 WBCE CMS 1.6.1 SVG File Content Cross-Site Scripting

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by uploading crafted SVG files through the media manager. Attackers can upload SVG files containing script tags to the...

5.4 CVSS, 0.00267 EPSS
Exploits: 1, References: 3

RedhatCVE
added 2025/12/17 6:2 p.m., 5 views

CVE-2023-53901

WBCE CMS 1.6.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML and CSS to capture user keystrokes. Attackers can upload a crafted HTML file with CSS-based keylogging techniques to intercept password characters through background image requests...

7.1 CVSS, 6.3 AI score, 0.00226 EPSS
Exploits: 1, References: 1

CNNVD
added 2025/12/17 12:0 a.m., 3 views

WBCE CMS Cross-Site Scripting Vulnerability

WBCE CMS is an open source content management system (CMS) based on PHP and MySQL. A cross-site scripting vulnerability exists in WBCE CMS version 1.6.1, which stems from improper sanitization of content parameters in the WYSIWYG editor and could lead to a stored cross-site...

5.4 CVSS, 5.8 AI score, 0.00267 EPSS
Exploits: 1, References: 4

Positive Technologies
added 2025/12/17 12:0 a.m., 5 views

PT-2025-51948

Name of the Vulnerable Software and Affected Versions WBCE CMS version 1.6.1 Description WBCE CMS version 1.6.1 has a stored cross-site scripting issue. Authenticated attackers can inject malicious JavaScript by inserting script tags into page content using the WYSIWYG editor. Attackers can submi...

5.4 CVSS, 5.9 AI score, 0.00267 EPSS
Exploits: 1, References: 6