WBCE CMS v1.5.4 - Cross Site Scripting (Stored)

A cross-site scripting XSS vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field. id: CVE-2022-45038 info: name: WBCE CMS v1.5.4 - Cross Site Scripting Stored author:...

WBCE CMS v1.5.4 - Remote Code Execution

WBCE CMS v1.5.4 can implement getshell by modifying the upload file type. id: CVE-2022-46020 info: name: WBCE CMS v1.5.4 - Remote Code Execution author: theamanrawat severity: critical description: | WBCE CMS v1.5.4 can implement getshell by modifying the upload file type. impact: | Successful...

📄 WBCE CMS 1.6.4 Brute Force

WBCE CMS versions 1.6.4 suffers from a brute force protection bypass vulnerability. CVE-2025-66204: WBCE CMS allows brute-force protection bypass using X-Forwarded-For header Overview | Field | Details | |---|---| | CVE ID | CVE-2025-66204 | | Severity | MEDIUM | | Advisory | View Advisory | |...

📄 WBCE CMS Privilege Escalation / Insecure Direct Object Reference

WBCE CMS versions prior to 1.6.4 suffers from insecure direct object reference and privilege escalation vulnerabilities. CVE-2025-65094: WBCE CMS is Vulnerable to Privilege Escalation via Group ID Manipulation IDOR Overview | Field | Details | |---|---| | CVE ID | CVE-2025-65094 | | Severity | HI...

📄 WBCE CMS 1.6.4 SQL Injection

WBCE CMS versions 1.6.4 and below suffer from a remote time-bsed SQL injection vulnerability via the groups parameter. CVE-2025-65950: WBCE CMS is Vulnerable to Time-Based Blind SQL Injection through groups Parameter Overview | Field | Details | |---|---| | CVE ID | CVE-2025-65950 | | Severity |...

Exploit for Improper Authorization in Wbce Wbce_Cms

CVE-2025-65094: WBCE CMS is Vulnerable to Privilege Escalation...

Exploit for SQL Injection in Wbce Wbce_Cms

CVE-2025-65950: WBCE CMS is Vulnerable to Time-Based Blind SQL...

WBCE CMS 1.6.4 - Remote Code Execution

Exploit Title: WBCE CMS 1.6.4 - Remote Code Execution Date: 2024-10-26 Exploit Author: Chokri Hammedi Vendor Homepage: https://wbce.org/ Software Link: https://github.com/WBCE/WBCECMS/releases/tag/v1.6.4 Version: 1.6.4 Tested on: Linux Debian/Parrot OS Vulnerability Description WBCE CMS version...

CVE-2022-50936

WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by...

CVE-2022-50936

WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by...

CVE-2022-50936 WBCE CMS 1.5.2 - Remote Code Execution (RCE) (Authenticated)

WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by...

CVE-2022-50936 WBCE CMS 1.5.2 - Remote Code Execution (RCE) (Authenticated)

WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by...

CVE-2022-50936

WBCE CMS 1.5.2 is affected by an authenticated remote code execution vulnerability in the admin panel’s droplet upload functionality. Authenticated attackers can craft a zip payload to upload a malicious droplet, enabling arbitrary PHP code execution on the server. This aligns with multiple sourc...

PT-2026-2412

Name of the Vulnerable Software and Affected Versions WBCE CMS version 1.5.2 Description The software contains an authenticated remote code execution issue. Attackers can upload malicious droplets through the admin panel. Specifically, authenticated attackers can exploit the droplet upload...

WBCE CMS 代码问题漏洞

WBCE CMS is WBCE CMS open source an open source content management system CMS based on PHP and MySQL. A code issue vulnerability exists in WBCE CMS version 1.5.2, which originates from an authenticated attacker who can upload a malicious droplet via the admin panel, potentially leading to remote...

CVE-2023-43871

A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting XSS...

CVE-2023-53910

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by inserting script tags into page content through the WYSIWYG editor. Attackers can submit POST requests to /wbce/modules/wysiwyg/save.php with malicious script...

CVE-2023-53909

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by uploading crafted SVG files through the media manager. Attackers can upload SVG files containing script tags to the...

EUVD-2023-60221

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by uploading crafted SVG files through the media manager. Attackers can upload SVG files containing script tags to the...

CVE-2023-53909

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by uploading crafted SVG files through the media manager. Attackers can upload SVG files containing script tags to the...