📦 WBCE CMS

by WBCE

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2025-67504

CRITICAL CVSS 9.1 Dec 9, 2025

WBCE CMS versions 1.6.4 and below use PHP's non-cryptographically secure rand() function to generate passwords, making them predictable. Attackers can brute-force or predict passwords for new accounts...

CVE-2023-39796

CRITICAL CVSS 9.8 Nov 10, 2023

This SQL injection vulnerability in WBCE CMS's miniform module allows remote unauthenticated attackers to execute arbitrary SQL commands via the DB_RECORD_TABLE parameter. Attackers can potentially re...

CVE-2021-3817

CRITICAL CVSS 9.8 Dec 9, 2021

CVE-2021-3817 is an SQL injection vulnerability in WBCE CMS that allows attackers to execute arbitrary SQL commands. This can lead to authentication bypass, data theft, or complete system compromise. ...

CVE-2022-50936

HIGH CVSS 8.8 Jan 13, 2026

This vulnerability allows authenticated attackers to execute arbitrary PHP code on WBCE CMS servers by uploading malicious droplets through the admin panel. Attackers can craft specially designed zip ...

CVE-2025-34506

HIGH CVSS 8.8 Dec 11, 2025

This vulnerability allows authenticated administrators in WBCE CMS to upload malicious ZIP modules containing PHP reverse shell code, leading to remote code execution. Attackers who compromise admin c...

CVE-2024-58283

HIGH CVSS 8.8 Dec 10, 2025

This vulnerability allows authenticated attackers to upload malicious PHP files through the Elfinder file manager in WBCE CMS version 1.6.2, leading to remote code execution. Attackers can upload web ...

CVE-2025-65950

HIGH CVSS 8.8 Dec 10, 2025

WBCE CMS versions 1.6.4 and below contain a SQL injection vulnerability in the user management module. Authenticated users with permission to modify other users can execute arbitrary SQL queries, pote...

CVE-2025-66204

HIGH CVSS 8.1 Dec 9, 2025

WBCE CMS version 1.6.4 has a brute-force protection bypass vulnerability where attackers can modify the X-Forwarded-For header to reset login attempt counters, allowing unlimited password guessing. Th...

CVE-2025-65094

HIGH CVSS 8.8 Nov 19, 2025

This vulnerability allows low-privileged users in WBCE CMS to escalate their privileges to full administrative access by manipulating the groups[] parameter in user update requests. Server-side valida...

CVE-2023-38947

HIGH CVSS 7.2 Aug 3, 2023

This vulnerability allows attackers to upload arbitrary PHP files to WBCE CMS through the /languages/install.php component, leading to remote code execution. It affects WBCE CMS version 1.6.1. Attacke...

CVE-2023-29855

HIGH CVSS 7.2 Apr 18, 2023

WBCE CMS 1.5.3 contains a command injection vulnerability in admin/languages/install.php that allows authenticated attackers to execute arbitrary commands on the server. This affects all WBCE CMS inst...

CVE-2022-25099

HIGH CVSS 7.8 Feb 24, 2022

This vulnerability in WBCE CMS allows attackers to upload and execute arbitrary PHP code through the languages management interface. It affects all WBCE CMS v1.5.2 installations with default configura...

CVE-2023-53909

MEDIUM CVSS 5.4 Dec 17, 2025

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability where authenticated users can upload malicious SVG files containing JavaScript. When victims access these uploaded files, the JavaSc...

CVE-2023-53910

MEDIUM CVSS 5.4 Dec 17, 2025

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious JavaScript into page content via the WYSIWYG editor. This can lead to session hi...