CVE-2025-34506
WBCE CMS 1.6.3 Authenticated Remote Code Execution via Module Upload
WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. Attackers can craft a specially designed ZIP module with embedded PHP reverse shell code to gain remote system access when the module is installed.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Produtos afetados
WBCE · WBCE CMSQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://github.com/Swammers8/WBCE-v1.6.3-Authenticated-RCEhttps://github.com/WBCE/WBCE_CMShttps://wbce-cms.org/https://www.exploit-db.com/exploits/52132https://www.vulncheck.com/advisories/wbce-cms-authenticated-remote-code-execution-via-module-uploadhttps://youtu.be/Dhg5gRe9Dzs?si=-WQoiWU1yqvYNz1e