CVE-2022-25101

CVE-2022-25101 affects WBCE CMS v1.5.2, with the vulnerable entry in the component path /templates/install.php . A crafted PHP file can lead to arbitrary code execution . The provided documents identify the affected software and the vulnerable file, but do not include exploitation details, versio...

WBCE CMS 1.5.2 - Remote Code Execution (Authenticated) Exploit

Exploit Title: WBCE CMS 1.5.2 - Remote Code Execution RCE Authenticated Exploit Author: Antonio Cuomo arkantolo Vendor Homepage: https://wbce.org/ Software Link: https://wbce.org/de/downloads/ Version: 1.5.2 Tested on: Linux - PHP Version: 8.0.14 Github repo: https://github.com/WBCE/WBCECMS --...

WBCE CMS 1.5.2 Remote Code Execution

Exploit Title: WBCE CMS 1.5.2 - Remote Code Execution RCE Authenticated Date: 02/01/2022 Exploit Author: Antonio Cuomo arkantolo Vendor Homepage: https://wbce.org/ Software Link: https://wbce.org/de/downloads/ Version: 1.5.2 Tested on: Linux - PHP Version: 8.0.14 Github repo:...

WBCE CMS 1.5.2 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: WBCE CMS 1.5.2 - Remote Code Execution RCE Authenticated Date: 02/01/2022 Exploit Author: Antonio Cuomo arkantolo Vendor Homepage: https://wbce.org/ Software Link: https://wbce.org/de/downloads/ Version: 1.5.2 Tested on: Linux - PHP Version: 8.0.14 Github repo:...

WBCE CMS 1.5.1 Admin Password Reset

Exploit Title: WBCE CMS 1.5.1 - Admin Password Reset Google Dork: intext: "Way Better Content Editing" Date: 20/12/2021 Exploit Author: citril or https://github.com/maxway2021 Vendor Homepage: https://wbce.org/ Software Link: https://wbce.org/de/downloads/ Version: = 1.5.1 Tested on: Linux CVE :...

WBCE CMS 1.5.1 - Admin Password Reset Exploit

Exploit Title: WBCE CMS 1.5.1 - Admin Password Reset Google Dork: intext: "Way Better Content Editing" Exploit Author: citril or https://github.com/maxway2021 Vendor Homepage: https://wbce.org/ Software Link: https://wbce.org/de/downloads/ Version: = 1.5.1 Tested on: Linux CVE : CVE-2021-3817...

WBCE CMS 1.5.1 - Admin Password Reset

Exploit Title: WBCE CMS 1.5.1 - Admin Password Reset Google Dork: intext: "Way Better Content Editing" Date: 20/12/2021 Exploit Author: citril or https://github.com/maxway2021 Vendor Homepage: https://wbce.org/ Software Link: https://wbce.org/de/downloads/ Version: = 1.5.1 Tested on: Linux CVE :...

CVE-2019-17575

A file-rename filter bypass exists in admin/media/rename.php in WBCE CMS 1.4.0 and earlier. This can be exploited by an authenticated user with admin privileges to rename a media filename and extension. For example: place PHP code in a .jpg file, and then change the file's base name to filename.p...

CVE-2019-17575

A file-rename filter bypass exists in admin/media/rename.php in WBCE CMS 1.4.0 and earlier. This can be exploited by an authenticated user with admin privileges to rename a media filename and extension. For example: place PHP code in a .jpg file, and then change the file's base name to filename.p...

Code injection

A file-rename filter bypass exists in admin/media/rename.php in WBCE CMS 1.4.0 and earlier. This can be exploited by an authenticated user with admin privileges to rename a media filename and extension. For example: place PHP code in a .jpg file, and then change the file's base name to filename.p...

CVE-2019-17575

A file-rename filter bypass exists in admin/media/rename.php in WBCE CMS 1.4.0 and earlier. This can be exploited by an authenticated user with admin privileges to rename a media filename and extension. For example: place PHP code in a .jpg file, and then change the file's base name to filename.p...

WBCE CMS Cross-Site Scripting Vulnerability (CNVD-2018-02994)

WBCE CMS is an easy-to-use open source content management system based on PHP/MySQL. A cross-site scripting vulnerability exists in WBCE CMS 1.3.1. A remote authenticated administrator can use the "Modify Page" screen to inject arbitrary web script or HTML...

Cross site scripting

Cross-site scripting XSS in WBCE CMS 1.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the Modify Page screen, a different issue than CVE-2017-2118...

CVE-2018-6313

Cross-site scripting XSS in WBCE CMS 1.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the Modify Page screen, a different issue than CVE-2017-2118...

CVE-2018-6313

Cross-site scripting XSS in WBCE CMS 1.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the Modify Page screen, a different issue than CVE-2017-2118...

CVE-2018-6313

CVE-2018-6313 affects WBCE CMS, version 1.3.1. It is a cross-site scripting (XSS) vulnerability where remote authenticated administrators can inject arbitrary script or HTML via the Modify Page screen (a distinct issue from CVE-2017-2118). The available sources describe the vulnerable component a...

CVE-2018-6313

Cross-site scripting XSS in WBCE CMS 1.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the Modify Page screen, a different issue than CVE-2017-2118...

Cross site scripting

WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=usersearch...

CVE-2017-1000213

WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=usersearch...

CVE-2017-1000213

WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=usersearch...