CNNVD-202512-2040 Information
CNNVD ID
CNNVD-202512-2040
Related CVE
- CNNVD Published: 2025-12-11
Description (Chinese)
WBCE CMS是WBCE CMS开源的一套基于PHP和MySQL的开源内容管理系统(CMS)。 WBCE CMS 1.6.3及之前版本存在代码问题漏洞,该漏洞源于允许管理员上传恶意模块,可能导致远程代码执行。
Description (English)
WBCE CMS is a WBCE CMS Open Content Management System (CMS) based on PHP and MySQL. There is a code problem loophole in the WBCE CMS 1.6.3 and earlier versions, which stems from allowing administrators to upload malicious modules and may lead to remote code execution.
Hazard Level
High
Vulnerability Type
代码问题
Affected Vendor
WBCE CMS
Published
2025-12-11
Last Modified
2026-02-24
References
https://github.com/Swammers8/WBCE-v1.6.3-Authenticated-RCE https://github.com/WBCE/WBCE_CMS https://wbce-cms.org/ https://www.exploit-db.com/exploits/52132 https://www.vulncheck.com/advisories/wbce-cms-authenticated-remote-code-execution-via-module-upload https://youtu.be/Dhg5gRe9Dzs?si=-WQoiWU1yqvYNz1e
Patch
https://wbce-cms.org/downloads/
Share on: