CVE-2022-25099

A vulnerability in the component /languages/index.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2022-25101

A vulnerability in the component /templates/install.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2019-17575

A file-rename filter bypass exists in admin/media/rename.php in WBCE CMS 1.4.0 and earlier. This can be exploited by an authenticated user with admin privileges to rename a media filename and extension. (For example: place PHP code in a .jpg file, and then change the file's base name to filename.ph...

CVE-2022-4006

A vulnerability, which was classified as problematic, has been found in WBCE CMS. Affected by this issue is the function increase_attempts of the file wbce/framework/class.login.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to improper restriction of ex...

CVE-2022-45039

An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2017-2120

SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.

CVE-2023-38947

An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2023-29855

WBCE CMS 1.5.3 has a command execution vulnerability via admin/languages/install.php.