Lucene search
+L

11 matches found

Vulnrichment
Vulnrichment
added 2026/01/13 10:52 p.m.2 views

CVE-2022-50936 WBCE CMS 1.5.2 - Remote Code Execution (RCE) (Authenticated)

WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by...

8.8CVSS8.1AI score0.00785EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/12/18 11:36 p.m.4 views

CVE-2023-53909

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by uploading crafted SVG files through the media manager. Attackers can upload SVG files containing script tags to the...

5.4CVSS6.2AI score0.00277EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/18 12:34 a.m.5 views

EUVD-2023-60221

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by uploading crafted SVG files through the media manager. Attackers can upload SVG files containing script tags to the...

5.4CVSS5.7AI score0.00277EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/12/17 10:44 p.m.3 views

CVE-2023-53910 WBCE CMS 1.6.1 Stored Cross-Site Scripting via Page Content

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by inserting script tags into page content through the WYSIWYG editor. Attackers can submit POST requests to /wbce/modules/wysiwyg/save.php with malicious script...

5.4CVSS5.7AI score0.00277EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.6 views

PT-2025-51947

Name of the Vulnerable Software and Affected Versions WBCE CMS version 1.6.1 Description WBCE CMS version 1.6.1 has a stored cross-site scripting issue. Authenticated attackers can inject malicious JavaScript by uploading specially crafted SVG files. This is achieved through the media manager by...

5.4CVSS6AI score0.00277EPSS
Exploits1References6
NVD
NVD
added 2025/12/10 10:16 p.m.8 views

CVE-2024-58283

WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary syst...

8.8CVSS0.00581EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/10 12:0 a.m.3 views

WBCE CMS 代码问题漏洞

WBCE CMS is a PHP and MySQL based open source content management system CMS from WBCE CMS Open Source. A code issue vulnerability exists in WBCE CMS version 1.6.2 that originates from an authenticated user being able to upload malicious PHP files via the Elfinder file manager, which could lead to...

8.8CVSS7.7AI score0.00581EPSS
Exploits0References5
NVD
NVD
added 2025/12/09 4:18 p.m.5 views

CVE-2025-67504

WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword to create passwords using PHP's rand. rand is not cryptographically secure, which allows password sequences to be predicted or brute-forced. This can lead to user account compromise or privilege...

9.8CVSS0.00452EPSS
Exploits1References4
OSV
OSV
added 2025/12/09 3:31 a.m.4 views

CVE-2025-67504 WBCE CMS has Weak Random Number Generator in Password Generation Function

WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword to create passwords using PHP's rand. rand is not cryptographically secure, which allows password sequences to be predicted or brute-forced. This can lead to user account compromise or privilege...

9.1CVSS7.2AI score0.00452EPSS
Exploits1References6
CNNVD
CNNVD
added 2023/11/10 12:0 a.m.9 views

WBCE CMS Security Vulnerability

WBCE CMS is an open source content management system CMS based on PHP and MySQL. A security vulnerability exists in WBCE CMS version v.1.6.0, which originates from a SQL injection vulnerability that allows unauthenticated, remote attackers to execute arbitrary code via the DBRECORDTABLE parameter...

9.8CVSS8.8AI score0.06096EPSS
Exploits3References4
ATTACKERKB
ATTACKERKB
added 2023/08/03 4:15 p.m.2 views

CVE-2023-38947

An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file...

7.2CVSS7.5AI score0.00482EPSS
Exploits1References4
Rows per page
Query Builder