CVE-2025-34506

Published: Dec 11, 2025Modified: Dec 15, 2025

8.6

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: disclosure@vulncheck.com (Secondary)

Description

WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. Attackers can craft a specially designed ZIP module with embedded PHP reverse shell code to gain remote system access when the module is installed.

Affected (1)

Products: Wbce: Wbce Cms

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Wbce Wbce Cms	Up to 1.6.3

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (6)

https://github.com/Swammers8/WBCE-v1.6.3-Authenticated-RCE

Source: disclosure@vulncheck.com

ExploitThird Party Advisory

https://github.com/WBCE/WBCE_CMS

Source: disclosure@vulncheck.com

Product

https://wbce-cms.org/

Source: disclosure@vulncheck.com

Product

https://www.exploit-db.com/exploits/52132

Source: disclosure@vulncheck.com

ExploitThird Party AdvisoryVDB Entry

https://www.vulncheck.com/advisories/wbce-cms-authenticated-remote-code-execution-via-module-upload

Source: disclosure@vulncheck.com

Third Party Advisory

https://youtu.be/Dhg5gRe9Dzs?si=-WQoiWU1yqvYNz1e

Source: disclosure@vulncheck.com

Exploit

Timeline

No history available yet.