Wbce Wbce_cms
40 CVEs affecting Wbce Wbce_cms. Latest disclosed: 2026-01-13. Critical: 4, High: 14.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-39796 | Critical | 9.8 | 2023-11-10 | SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 allows remote unauthenticated attacker to execute arbitrary code via the DB_RECORD_TABLE… |
| CVE-2022-46020 | Critical | 9.8 | 2022-12-20 | WBCE CMS v1.5.4 can implement getshell by modifying the upload file type. |
| CVE-2021-3817 | Critical | 9.8 | 2021-12-09 | wbce_cms is vulnerable to Improper Neutralization of Special Elements used in an SQL Command |
| CVE-2025-67504 | Critical | 9.1 | 2025-12-09 | WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword() to create passwords using PHP's rand(). rand() is not c… |
| CVE-2022-50936 | High | 8.8 | 2026-01-13 | WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel… |
| CVE-2025-34506 | High | 8.8 | 2025-12-11 | WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. Attacker… |
| CVE-2024-58283 | High | 8.8 | 2025-12-10 | WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder fi… |
| CVE-2025-65950 | High | 8.8 | 2025-12-10 | WBCE CMS is a content management system. In versions 1.6.4 and below, the user management module allows a low-privileged authenticated user with permissions to… |
| CVE-2025-65094 | High | 8.8 | 2025-11-19 | WBCE CMS is a content management system. Prior to version 1.6.4, a low-privileged user in WBCE CMS can escalate their privileges to the Administrators group by… |
| CVE-2017-2119 | High | 8.6 | 2017-04-28 | Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors. |
| CVE-2025-66204 | High | 8.1 | 2025-12-09 | WBCE CMS is a content management system. Version 1.6.4 contains a brute-force protection bypass where an attacker can indefinitely reset the counter by modifyi… |
| CVE-2022-25101 | High | 7.8 | 2022-02-24 | A vulnerability in the component /templates/install.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-25099 | High | 7.8 | 2022-02-24 | A vulnerability in the component /languages/index.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2023-38947 | High | 7.2 | 2023-08-03 | An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP… |
| CVE-2023-29855 | High | 7.2 | 2023-04-18 | WBCE CMS 1.5.3 has a command execution vulnerability via admin/languages/install.php. |
| CVE-2022-45039 | High | 7.2 | 2022-11-25 | An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2019-17575 | High | 7.2 | 2019-10-14 | A file-rename filter bypass exists in admin/media/rename.php in WBCE CMS 1.4.0 and earlier. This can be exploited by an authenticated user with admin privilege… |
| CVE-2017-2120 | High | 7.2 | 2017-04-28 | SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vect… |
| CVE-2022-28477 | Medium | 6.1 | 2022-04-28 | WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS). |
| CVE-2017-2118 | Medium | 6.1 | 2017-04-28 | Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |