← voltar
CVE-2024-58283

WBCE CMS 1.6.2 Remote Code Execution via Elfinder File Upload

CVSS 8.7 HIGHEPSS 0.6%CWE-434
WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary system commands through a user-controlled parameter.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Produtos afetados
wbce · WBCE CMS

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/WBCE/WBCE_CMS/archive/refs/tags/1.6.2.ziphttps://wbce-cms.org/https://www.exploit-db.com/exploits/52039https://www.vulncheck.com/advisories/wbce-cms-remote-code-execution-via-elfinder-file-upload