3 matches found
WBCE 1.6.0 SQL Injection
Exploit Title: |Unauthenticated SQL injection in WBCE 1.6.0 Date: 15.11.2023 Exploit Author: young pope Vendor Homepage: https://github.com/WBCE/WBCECMS Software Link: https://github.com/WBCE/WBCECMS/archive/refs/tags/1.6.0.zip Version: 1.6.0 Tested on: Kali linux CVE : CVE-2023-39796 There is an...
CVE-2023-39796
SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 allows remote unauthenticated attacker to execute arbitrary code via the DBRECORDTABLE parameter...
CVE-2023-39796
WBCE CMS v1.6.0 suffers an unauthenticated SQL injection in the miniform module. The flaw is exposed via the DB_RECORD_TABLE parameter and a vulnerable DELETE query in /modules/miniform/ajax_delete_message.php, allowing remote code execution and potential full database takeover. Connected sources...