CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

340 matches found

NVD•added 2025/11/19 7:15 p.m.•5 views

CVE-2025-65094

WBCE CMS is a content management system. Prior to version 1.6.4, a low-privileged user in WBCE CMS can escalate their privileges to the Administrators group by manipulating the groups parameter in the /admin/users/save.php request. The UI restricts users to assigning only their existing group, bu...

8.8CVSS0.00325EPSS

Exploits3References2

Cvelist•added 2025/11/19 7:6 p.m.•11 views

CVE-2025-65094 WBCE CMS is Vulnerable to Privilege Escalation via Group ID Manipulation (IDOR)

8.7CVSS0.00325EPSS

Exploits3References2

CVE•added 2025/11/19 7:6 p.m.•13 views

CVE-2025-65094

CVE-2025-65094 affects WBCE CMS prior to 1.6.4. A low-privileged user can escalate to Administrators by manipulating the groups[] parameter in the /admin/users/save.php request. UI prevents selection of other groups, but server-side validation is missing, allowing overwriting of group membership ...

8.8CVSS6.6AI score0.00325EPSS

Exploits3References2Affected Software1

Positive Technologies•added 2025/11/19 12:0 a.m.•5 views

PT-2025-47517

Name of the Vulnerable Software and Affected Versions WBCE CMS versions prior to 1.6.4 Description A low-privileged user in WBCE CMS can escalate their privileges to the Administrators group by manipulating the groups parameter in the '/admin/users/save.php' request. The user interface restricts...

8.8CVSS6.9AI score0.00325EPSS

Exploits3References8

Packet Storm•added 2025/10/30 12:0 a.m.•169 views

📄 WBCE CMS 1.6.4 Cross Site Scripting

WBCE CMS version 1.6.4 suffers from a persistent cross site scripting vulnerability. Exploit Title: WBCE CMS 1.6.4 - Stored Cross-Site Scripting XSS Date: 2025-10-29 Exploit Author: Chokri Hammedi Vendor Homepage: https://wbce.org/ Software Link: https://github.com/WBCE/WBCECMS/releases/tag/v1.6....

6.4AI score

Exploits0

Packet Storm•added 2025/10/27 12:0 a.m.•135 views

📄 WBCE CMS 1.6.4 Remote Code Execution

WBCE CMS version 1.6.4 contains a critical remote code execution vulnerability in the Droplets module. Authenticated attackers with administrator privileges can inject and execute arbitrary PHP code, leading to complete system compromise. Exploit Title: WBCE CMS 1.6.4 - Remote Code Execution Date...

8.6AI score

Exploits0