CVE-2025-34506
WBCE CMS 1.6.3 Authenticated Remote Code Execution via Module Upload
| CVSS Score | 0.0 |
| EPSS Score | 0.8% |
| EPSS Percentile | 74th |
WBCE CMS versions 1.6.3 and prior contain an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. An attacker can craft a ZIP module with embedded PHP reverse shell code and gain remote system access when the module is installed.
| CWE | CWE-434 |
| Vendor | wbce |
| Product | wbce cms |
| Published | Dec 11, 2025 |
| Last Updated | Apr 7, 2026 |
Affected Versions
WBCE / WBCE CMS
1.6.3
References
exploit-db.com: https://www.exploit-db.com/exploits/52132
wbce-cms.org: https://wbce-cms.org/
github.com: https://github.com/WBCE/WBCE_CMS
youtu.be: https://youtu.be/Dhg5gRe9Dzs?si=-WQoiWU1yqvYNz1e
github.com: https://github.com/Swammers8/WBCE-v1.6.3-Authenticated-RCE
vulncheck.com: https://www.vulncheck.com/advisories/wbce-cms-authenticated-remote-code-execution-via-module-upload
Credits
Swammers8