Back to search
CVE-2025-34506
Published: Dec 11, 2025
Modified: Apr 7, 2026
PUBLISHED
Description
WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. Attackers can craft a specially designed ZIP module with embedded PHP reverse shell code to gain remote system access when the module is installed.
| Vendor | Product | Versions |
|---|---|---|
WBCE | WBCE CMS | affected 1.6.3 |
Weaknesses (CWE)
References
ExploitDB-52132
exploit
WBCE CMS Homepage
product
WBCE CMS GitHub Repository
product
YouTube Demonstration
product
Swammers8 GitHub Repository
technical-description
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now