Описание
WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. Attackers can craft a specially designed ZIP module with embedded PHP reverse shell code to gain remote system access when the module is installed.
WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. Attackers can craft a specially designed ZIP module with embedded PHP reverse shell code to gain remote system access when the module is installed.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-34506
- https://github.com/Swammers8/WBCE-v1.6.3-Authenticated-RCE
- https://github.com/WBCE/WBCE_CMS
- https://wbce-cms.org
- https://www.exploit-db.com/exploits/52132
- https://www.vulncheck.com/advisories/wbce-cms-authenticated-remote-code-execution-via-module-upload
- https://youtu.be/Dhg5gRe9Dzs?si=-WQoiWU1yqvYNz1e
Связанные уязвимости
WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. Attackers can craft a specially designed ZIP module with embedded PHP reverse shell code to gain remote system access when the module is installed.