CVE-2024-58283

high

Description

WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the elFinder file manager. Attackers can exploit the file upload functionality in the elFinder connector to upload a web shell and execute arbitrary system commands through a user-controlled parameter.

References

https://www.vulncheck.com/advisories/wbce-cms-remote-code-execution-via-elfinder-file-upload

https://www.exploit-db.com/exploits/52039

https://wbce-cms.org/

https://github.com/WBCE/WBCE_CMS/archive/refs/tags/1.6.2.zip

Details

Source: Mitre, NVD

Published: 2025-12-10

Updated: 2025-12-12

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

CVSS v4

Base Score: 8.7

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity: High

EPSS

EPSS: 0.00339