Description

WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by crafting a specially designed zip file payload.

Related CPE's

a

wbce

wbce_cms

1.5.2

Vulnerable

References

https://github.com/WBCE/WBCE_CMS

Product

https://wbce.org/

Product

https://wbce.org/de/downloads/

Product

https://www.exploit-db.com/exploits/50707

ExploitThird Party AdvisoryVDB Entry

https://www.vulncheck.com/advisories/wbce-cms-remote-code-execution-rce-authenticated

Third Party Advisory

Weaknesses

[email protected]

Primary
CWE-434

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 · High

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2026-01-13T23:15:58.703Z

1 week ago

Last modified

2026-01-20T17:58:42.253Z

11 hours ago