Vulnerability Database

314,433

Total vulnerabilities in the database

CVE-2024-58283

WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary system commands through a user-controlled parameter.

Published: Dec 10, 2025
Updated: Dec 17, 2025
CVE: CVE-2024-58283
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-434

Affected Software
References

Software	From	Fixed in
wbce / wbce_cms	1.6.2	1.6.2.x

https://github.com/WBCE/WBCE_CMS/archive/refs/tags/1.6.2.zip
https://wbce-cms.org/
https://www.exploit-db.com/exploits/52039
https://www.vulncheck.com/advisories/wbce-cms-remote-code-execution-via-elfinder-file-upload

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo