ГлавнаяУязвимости → CVE-2024-58283
8.8высокая

CVE-2024-58283

Описание

WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary system commands through a user-controlled parameter.

Затрагиваемое ПО
Wbce Wbce cms
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/WBCE/WBCE_CMS/archive/refs/tags/1.6.2.ziphttps://wbce-cms.org/https://www.exploit-db.com/exploits/52039https://www.vulncheck.com/advisories/wbce-cms-remote-code-execution-via-elfinder-file-uploadhttps://github.com/WBCE/WBCE_CMS/archive/refs/tags/1.6.2.zip