CVE-2024-58283

UNKNOWN 0.0

WBCE CMS 1.6.2 Remote Code Execution via Elfinder File Upload

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary system commands through a user-controlled parameter.

CWE	CWE-434
Vendor	wbce
Product	wbce cms
Published	Dec 10, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for wbce wbce cms

Be the first to know when new unknown vulnerabilities affecting wbce wbce cms are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

wbce / WBCE CMS

1.6.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/52039 wbce-cms.org: https://wbce-cms.org/ github.com: https://github.com/WBCE/WBCE_CMS/archive/refs/tags/1.6.2.zip vulncheck.com: https://www.vulncheck.com/advisories/wbce-cms-remote-code-execution-via-elfinder-file-upload

Credits

Ahmet Ümit BAYRAM