CVE-2025-34506
WBCE CMS 1.6.3 Authenticated Remote Code Execution via Module Upload
WBCE CMS versions 1.6.3 and prior contain an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. An attacker can craft a ZIP module with embedded PHP reverse shell code and gain remote system access when the module is installed.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
WBCE · WBCE CMS
References
https://github.com/Swammers8/WBCE-v1.6.3-Authenticated-RCE
https://github.com/WBCE/WBCE_CMS
https://wbce-cms.org/
https://www.exploit-db.com/exploits/52132
https://www.vulncheck.com/advisories/wbce-cms-authenticated-remote-code-execution-via-module-upload
https://youtu.be/Dhg5gRe9Dzs?si=-WQoiWU1yqvYNz1e