340 matches found
CVE-2023-38947
An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file...
WBCE CMS Code Issue Vulnerability
WBCE CMS is an open source content management system (CMS) based on PHP and MySQL. An arbitrary file upload vulnerability exists in WBCE CMS version 1.6.1, which stems from the lack of validation of uploaded files in the /languages/install.php component. The vulnerability can be exploited to remote...
WBCE CMS 1.6.1 Cross Site Request Forgery / Open Redirection
Exploit Title: WBCE CMS 1.6.1 - Open Redirect & CSRF Version: 1.6.1 Bugs: Open Redirect + CSRF = CSS KEYLOGGING Technology: PHP Vendor URL: https://wbce-cms.org/ Software Link: https://github.com/WBCE/WBCECMS/releases/tag/1.6.1 Date of found: 03-07-2023 Author: Mirabbas Ağalarov Tested on: Linux ...
WBCE CMS 1.6.1 - Open Redirect & CSRF
Exploit Title: WBCE CMS 1.6.1 - Open Redirect & CSRF Version: 1.6.1 Bugs: Open Redirect + CSRF = CSS KEYLOGGING Technology: PHP Vendor URL: https://wbce-cms.org/ Software Link: https://github.com/WBCE/WBCECMS/releases/tag/1.6.1 Date of found: 03-07-2023 Author: Mirabbas Ağalarov Tested on: Linux ...
WBCE CMS 1.6.1 - Multiple Stored Cross-Site Scripting Vulnerability
Exploit Title: WBCE CMS 1.6.1 - Multiple Stored Cross-Site Scripting XSS Version: 1.6.1 Bugs: XSS Technology: PHP Vendor URL: https://wbce-cms.org/ Software Link: https://github.com/WBCE/WBCECMS/releases/tag/1.6.1 Date of found: 03-05-2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical...
WBCE CMS 1.6.1 Cross Site Scripting
Exploit Title: WBCE CMS 1.6.1 - Multiple Stored Cross-Site Scripting XSS Version: 1.6.1 Bugs: XSS Technology: PHP Vendor URL: https://wbce-cms.org/ Software Link: https://github.com/WBCE/WBCECMS/releases/tag/1.6.1 Date of found: 03-05-2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical...
CVE-2023-29855
WBCE CMS 1.5.3 has a command execution vulnerability via admin/languages/install.php...
CVE-2023-29855
WBCE CMS 1.5.3 is affected by a command execution vulnerability in the admin/languages/install.php endpoint. The issue arises from a poorly filtered parameter in the Language Install module, enabling potential arbitrary command execution. Relevant advisories reference this exact vector across mul...
PT-2023-22448 · Wbce Cms · Wbce Cms
Name of the Vulnerable Software and Affected Versions: WBCE CMS version 1.5.3 Description: The issue is a command execution vulnerability. It can be exploited via the admin/languages/install.php endpoint. Recommendations: For WBCE CMS version 1.5.3, consider disabling access to the...
CVE-2022-46020
WBCE CMS v1.5.4 can implement getshell by modifying the upload file type...
Design/Logic Flaw
WBCE CMS v1.5.4 can implement getshell by modifying the upload file type...
CVE-2022-46020
WBCE CMS v1.5.4 is affected by CVE-2022-46020, a remote code execution vulnerability caused by allowing getshell via modification of the upload file type. The NVD/Nuclei and related sources describe a critical flaw (CVSS v3.1: 9.8) with network attack vector, no privileges required, and high impa...
PT-2022-27718 · Wbce Cms · Wbce Cms
Name of the Vulnerable Software and Affected Versions: WBCE CMS version 1.5.4 Description: The issue allows for getshell by modifying the upload file type, potentially leading to unauthorized access and control. Recommendations: For WBCE CMS version 1.5.4, consider restricting the upload file typ...
CVE-2022-45040
A cross-site scripting (XSS) vulnerability in /admin/pages/sectionssave.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field...
CVE-2022-45039
An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file...