QwikSec

Security Database

CVE

CWE

Training

CVE-2024-58283

Published: Dec 10, 2025

Modified: Apr 7, 2026

PUBLISHED

Description

WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary system commands through a user-controlled parameter.

Vendor	Product	Versions
wbce	WBCE CMS	affected `1.6.2`

Weaknesses (CWE)

References

ExploitDB-52039

exploit

WBCE CMS Homepage

product

WBCE CMS GitHub Repository

product

VulnCheck Advisory: WBCE CMS 1.6.2 Remote Code Execution via Elfinder File Upload

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.