CVE-2024-58283

moderate-risk

Published 2025-12-10

WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary system commands through a user-controlled parameter.

Do I need to act?

0.92% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (1)

Wbce Cms

Affected Vendors

Wbce

References (5)

Product https://github.com/WBCE/WBCE_CMS/archive/refs/tags/1.6.2.zip

Product https://wbce-cms.org/

Third Party Advisory https://www.exploit-db.com/exploits/52039

Third Party Advisory https://www.vulncheck.com/advisories/wbce-cms-remote-code-execution-via-elfinder...

Product https://github.com/WBCE/WBCE_CMS/archive/refs/tags/1.6.2.zip

/ 100

moderate-risk

Severity 30/34 · Critical

Exploitability 3/34 · Minimal

Exposure 5/34 · Minimal