Wbce Wbce_cms

40 CVEs affecting Wbce Wbce_cms. Latest disclosed: 2026-01-13. Critical: 4, High: 14.

Top CVEs affecting Wbce Wbce_cms
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-39796 | Critical | 9.8 | 2023-11-10 | SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 allows remote unauthenticated attacker to execute arbitrary code via the DB_RECORD_TABLE… |
| CVE-2022-46020 | Critical | 9.8 | 2022-12-20 | WBCE CMS v1.5.4 can implement getshell by modifying the upload file type. |
| CVE-2021-3817 | Critical | 9.8 | 2021-12-09 | wbce_cms is vulnerable to Improper Neutralization of Special Elements used in an SQL Command |
| CVE-2025-67504 | Critical | 9.1 | 2025-12-09 | WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword() to create passwords using PHP's rand(). rand() is not c… |
| CVE-2022-50936 | High | 8.8 | 2026-01-13 | WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel… |
| CVE-2025-34506 | High | 8.8 | 2025-12-11 | WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. Attacker… |
| CVE-2024-58283 | High | 8.8 | 2025-12-10 | WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder fi… |
| CVE-2025-65950 | High | 8.8 | 2025-12-10 | WBCE CMS is a content management system. In versions 1.6.4 and below, the user management module allows a low-privileged authenticated user with permissions to… |
| CVE-2025-65094 | High | 8.8 | 2025-11-19 | WBCE CMS is a content management system. Prior to version 1.6.4, a low-privileged user in WBCE CMS can escalate their privileges to the Administrators group by… |
| CVE-2017-2119 | High | 8.6 | 2017-04-28 | Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors. |
| CVE-2025-66204 | High | 8.1 | 2025-12-09 | WBCE CMS is a content management system. Version 1.6.4 contains a brute-force protection bypass where an attacker can indefinitely reset the counter by modifyi… |
| CVE-2022-25101 | High | 7.8 | 2022-02-24 | A vulnerability in the component /templates/install.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-25099 | High | 7.8 | 2022-02-24 | A vulnerability in the component /languages/index.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2023-38947 | High | 7.2 | 2023-08-03 | An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP… |
| CVE-2023-29855 | High | 7.2 | 2023-04-18 | WBCE CMS 1.5.3 has a command execution vulnerability via admin/languages/install.php. |
| CVE-2022-45039 | High | 7.2 | 2022-11-25 | An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2019-17575 | High | 7.2 | 2019-10-14 | A file-rename filter bypass exists in admin/media/rename.php in WBCE CMS 1.4.0 and earlier. This can be exploited by an authenticated user with admin privilege… |
| CVE-2017-2120 | High | 7.2 | 2017-04-28 | SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vect… |
| CVE-2022-28477 | Medium | 6.1 | 2022-04-28 | WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS). |
| CVE-2017-2118 | Medium | 6.1 | 2017-04-28 | Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |