CNNVD-202511-2165 Information
CNNVD ID
CNNVD-202511-2165
Related CVE
- CNNVD Published: 2025-11-19
Description (Chinese)
WBCE CMS是WBCE CMS开源的一套基于PHP和MySQL的开源内容管理系统(CMS)。 WBCE CMS 1.6.4之前版本存在授权问题漏洞,该漏洞源于低权限用户可通过操纵/admin/users/save.php请求中的groups[]参数提升权限至管理员组,导致完全控制CMS。
Description (English)
WBCE CMS is a WBCE CMS Open Content Management System (CMS) based on PHP and MySQL. The previous version of the WBCE CMS 1.6.4 had a delegation of authority loophole, which stemmed from the fact that low-authority users could increase their privileges to the group of administrators by manipulating the /admin/user/save.php parameters of the request, leading to full control of the CMS.
Hazard Level
High
Vulnerability Type
授权问题
Affected Vendor
WBCE CMS
Published
2025-11-19
Last Modified
2026-02-24
References
https://github.com/WBCE/WBCE_CMS/commit/96046178f4c80cf16f7c224054dec7fdadddda7e https://github.com/WBCE/WBCE_CMS/security/advisories/GHSA-hmmw-4ccm-fx44
Patch
https://github.com/WBCE/WBCE_CMS/releases
Share on: