CVE-2023-29855

7.2 HIGH

📋 TL;DR

WBCE CMS 1.5.3 contains a command injection vulnerability in admin/languages/install.php that allows authenticated attackers to execute arbitrary commands on the server. This affects all WBCE CMS installations running version 1.5.3 with the vulnerable file accessible. Attackers with admin access can exploit this to gain full system control.

💻 Affected Systems

Products:
  • WBCE CMS
Versions: 1.5.3
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires admin access to reach the vulnerable endpoint. Default installations include the vulnerable file.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise leading to data theft, ransomware deployment, or use as a foothold for lateral movement within the network.

🟠 Likely Case

Attackers with admin credentials execute commands to install backdoors, steal sensitive data, or deface websites.

🟢 If Mitigated

With proper access controls and network segmentation, impact is limited to the web server environment.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires admin credentials but is straightforward once authenticated. A public GitHub issue demonstrates the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.5.4 or later

Vendor Advisory: https://github.com/WBCE/WBCE_CMS/issues/544

Restart Required: No

Instructions:

1. Back up your WBCE installation.
2. Download WBCE CMS 1.5.4 or later from the official repository.
3. Replace the vulnerable admin/languages/install.php file with the patched version.
4. Verify no custom modifications are overwritten.

🔧 Temporary Workarounds

Remove vulnerable file

linux

Delete or rename the vulnerable install.php file to prevent exploitation

rm /path/to/wbce/admin/languages/install.php

Restrict file access

all

Use .htaccess or web server configuration to block access to the vulnerable file

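# Place this in admin/languages/.htaccess so the rule applies only to that directory's install.php.
# Order/Deny is Apache 2.2 syntax; on Apache 2.4 without mod_access_compat use "Require all denied" instead.
<Files "install.php">
    Order Allow,Deny
    Deny from all
</Files>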

🧯 If You Can't Patch

  • Implement strict access controls and multi-factor authentication for admin accounts
  • Deploy web application firewall (WAF) rules to block command injection patterns

🔍 How to Verify

Check if Vulnerable:

Check whether admin/languages/install.php exists in your WBCE installation and review the version number

Check Version:

grep -r "define.*VERSION" /path/to/wbce/ | grep -i version

Verify Fix Applied:

Verify admin/languages/install.php has been updated or removed, and confirm WBCE version is 1.5.4+

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to admin/languages/install.php
  • System commands executed from web process
  • Unexpected process spawns from web server user

Network Indicators:

  • Outbound connections from web server to unexpected destinations
  • Command and control traffic patterns

SIEM Query:

source="web_logs" AND uri="/admin/languages/install.php" AND (method="POST" OR params CONTAINS "system" OR params CONTAINS "exec")
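
The first log indicator above, implemented as an added example (not part of the original advisory or of WBCE): a scan of web server access logs for POST requests that reach admin/languages/install.php. It assumes Apache/nginx Combined Log Format, and it normalizes the request path because an exact match on the URI misses subdirectory installs, query strings, duplicate slashes and percent-encoded variants. The function names and sample log lines are constructed for illustration.

```python
import re
from posixpath import normpath
from urllib.parse import unquote

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
VULN_SUFFIX = "/admin/languages/install.php"  # path named in the advisory


def normalize_path(target: str) -> str:
    """Decode and canonicalise the request path so trivial variations still match."""
    path = target.split("?", 1)[0]        # drop the query string
    path = unquote(unquote(path))         # undo single and double percent-encoding
    path = re.sub(r"/+", "/", path)       # collapse duplicate slashes
    return normpath(path).lower()         # resolve ./ and ../; lowercase for case-insensitive hosts


def find_install_posts(lines):
    """Return (ip, timestamp, status, raw_target) for POSTs reaching the endpoint."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # endswith() also covers WBCE installed in a subdirectory such as /cms/
        if normalize_path(m["target"]).endswith(VULN_SUFFIX):
            hits.append((m["ip"], m["ts"], int(m["status"]), m["target"]))
    return hits


# Constructed sample lines (documentation IP ranges), not taken from a real incident.
SAMPLE_LOG = [
    '198.51.100.7 - - [12/May/2023:10:01:02 +0000] "GET /admin/languages/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/May/2023:10:01:09 +0000] "POST /admin/languages/install.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.44 - - [12/May/2023:10:03:30 +0000] "POST /cms//admin/./languages/Install.php?x=1 HTTP/1.1" 200 312 "-" "curl/8.0"',
    '203.0.113.44 - - [12/May/2023:10:03:41 +0000] "POST /admin/languages/%69nstall.php HTTP/1.1" 403 199 "-" "curl/8.0"',
    '192.0.2.15 - - [12/May/2023:10:05:00 +0000] "POST /admin/login/index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, ts, status, target in find_install_posts(SAMPLE_LOG):
        print(f"{ts}  {ip}  status={status}  {target}")
```

A hit with status 403 or 404 indicates the workaround or file removal is holding; a 200 or 302 on an unpatched 1.5.3 host warrants review of the admin session that issued it.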
