CVE-2022-46020

WBCE CMS v1.5.4 can implement getshell by modifying the upload file type...

CVE-2022-30073

WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting XSS via /admin/users/save.php...

CVE-2022-45014

A cross-site scripting XSS vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Header field...

CVE-2022-45039

An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file...

CVE-2022-45013

A cross-site scripting XSS vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Section Header field...

CVE-2022-28477

WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting XSS...

CVE-2022-25099

A vulnerability in the component /languages/index.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file...

CVE-2022-30072

WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting XSS via \admin\pages\sectionssave.php namesection2 parameters...

CVE-2022-25101

A vulnerability in the component /templates/install.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file...

CVE-2022-45015

A cross-site scripting XSS vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Footer field...

CVE-2022-45012

A cross-site scripting XSS vulnerability in the Modify Page module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Source field...

CVE-2022-45036

A cross-site scripting XSS vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field...

CVE-2018-6313

Cross-site scripting XSS in WBCE CMS 1.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the Modify Page screen, a different issue than CVE-2017-2118...

CVE-2019-17575

A file-rename filter bypass exists in admin/media/rename.php in WBCE CMS 1.4.0 and earlier. This can be exploited by an authenticated user with admin privileges to rename a media filename and extension. For example: place PHP code in a .jpg file, and then change the file's base name to filename.p...

CVE-2017-1000213

WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=usersearch...

📄 WBCE CMS 1.6.3 Remote Code Execution

WBCE CMS version 1.6.3 suffers from an authenticated remote code execution vulnerability. Exploit Title: WBCE CMS " exit 1 fi if -z "$which nc" ; then echo "! Netcat is not installed." exit 1 fi ip=$1 port=$2 rm -rf shellModule.zip rm -rf shellModule mkdir shellModule echo Crafting Payload cat...

WBCE CMS 1.6.3 - Authenticated Remote Code Execution (RCE)

Exploit Title: WBCE CMS " exit 1 fi if -z "$which nc" ; then echo "! Netcat is not installed." exit 1 fi ip=$1 port=$2 rm -rf shellModule.zip rm -rf shellModule mkdir shellModule echo Crafting Payload cat shellModule/info.php ?php / @category modules @package Reverse Shell @author Swammers8 @link...

WBCE-v1.6.3-Authenticated-RCE

WBCE CMS printerror$MESSAGE'GENERICINVALIDADDONFILE';...

VulnCheck KEV: CVE-2023-39796

SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 allows remote unauthenticated attacker to execute arbitrary code via the DBRECORDTABLE parameter...

WBCE CMS v1.6.2 - Remote Code Execution Exploit

Exploit Title: WBCE CMS v1.6.2 - Remote Code Execution RCE Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://wbce-cms.org/ Software Link: https://github.com/WBCE/WBCECMS/archive/refs/tags/1.6.2.zip Version: 1.6.2 Tested on: MacOS import requests from bs4 import BeautifulSoup import sys...