CNNVD-202512-1781 Information

CNNVD ID

CNNVD-202512-1781

Related CVE

CVE-2024-58283

• CNNVD Published: 2025-12-10

Description (Chinese)

WBCE CMS是WBCE CMS开源的一套基于PHP和MySQL的开源内容管理系统（CMS）。 WBCE CMS 1.6.2版本存在代码问题漏洞，该漏洞源于认证用户可通过Elfinder文件管理器上传恶意PHP文件，可能导致远程代码执行。

Description (English)

WBCE CMS is a WBCE CMS Open Content Management System (CMS) based on PHP and MySQL. Version 1.6.2 of the WBCE CMS has a code problem loophole, which stems from the fact that authentication users can upload malicious PHP files through the Elfinder file manager, which may lead to remote code execution.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

WBCE CMS

Published

2025-12-10

Last Modified

2026-02-24

References

https://www.exploit-db.com/exploits/52039 https://wbce-cms.org/ https://www.vulncheck.com/advisories/wbce-cms-remote-code-execution-via-elfinder-file-upload https://github.com/WBCE/WBCE_CMS/archive/refs/tags/1.6.2.zip https://access.redhat.com/security/cve/cve-2024-58283