exploitDog

CVE-2024-58283

Опубликовано: 10 дек. 2025

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary system commands through a user-controlled parameter.

Ссылки

https://github.com/WBCE/WBCE_CMS/archive/refs/tags/1.6.2.zip
Product
https://wbce-cms.org/
Product
https://www.exploit-db.com/exploits/52039
Third Party Advisory
VDB Entry
https://www.vulncheck.com/advisories/wbce-cms-remote-code-execution-via-elfinder-file-upload
Third Party Advisory
https://github.com/WBCE/WBCE_CMS/archive/refs/tags/1.6.2.zip
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wbce:wbce_cms:1.6.2:*:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.00612

Низкий

8.8 High

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-q35v-85f7-hfph

CVSS3: 8.8

github

около 2 месяцев назад

WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary system commands through a user-controlled parameter.

EPSS

Процентиль: 69%

0.00612

Низкий

8.8 High

CVSS3

Дефекты

CWE-434