CVE-2025-34506

Published
View on NVD ↗
CVSS v3
8.8
HIGH
CVSS v2
N/A
Affected
2
PROJECTS

Description

WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. Attackers can craft a specially designed ZIP module with embedded PHP reverse shell code to gain remote system access when the module is installed.

WBCE/WBCE_CMS
WBCE/WBCE_CMS
Core package of WBCE CMS. This package includes the core and the default addons. Visit https://wbce.org (DE) or https://wbce-cms.org (EN) to learn more or to join the WBCE CMS community.
GitHubGitHub
45
Swammers8/WBCE-v1.6.3-Authenticated-RCE
Swammers8/WBCE-v1.6.3-Authenticated-RCE
GitHubGitHub