WBCE CMS Remote Code Execution

HIGH (8.8) No Patch (6 days)
cwe-434aenrichauthentication-bypasscmshr-softwarephpremote-code-executiontoken-forgeryweb-server

Threat Intelligence

Low Risk
EPSS Score: 0.38% chance of exploitation (percentile: 59%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

How we test →

What is it?

WBCE CMS is a web-based content management system used by some organizations for managing their websites and digital content. This vulnerability allows authenticated attackers to upload malicious PHP files through the Elfinder file manager, which can lead to remote code execution and potentially allow attackers to execute arbitrary system commands.

Am I affected?

You're affected if you use WBCE CMS version 1.6.2. To check if your instance is vulnerable, run the following command: find / -name "wbce-cms*.zip" 2>/dev/null or search for wbce-cms.org in your system's logs.

Note: This vulnerability is specific to WBCE CMS version 1.6.2 and not applicable to other versions or similar products like WordPress or Drupal.

Affected Products

WBCE / WBCE CMS

How to fix

To fix this vulnerability, upgrade to WBCE CMS version 1.7.0 or later. You can download the latest version from the official GitHub repository: https://github.com/WBCE/WBCE_CMS/archive/refs/tags/1.7.0.zip

Immediate mitigations:

  • Restrict network access to your WBCE CMS instance (firewall it from the public internet)
  • Audit admin account activity for suspicious access patterns
  • Monitor for unauthorized file uploads and modifications

References