CVE-2024-58283

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-58283
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-58283.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-58283
Published
2025-12-10T22:16:20.267Z
Modified
2026-03-15T22:49:50.704547Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary system commands through a user-controlled parameter.

References

Affected packages

Git / github.com/wbce/wbce_cms

Affected ranges

Type
GIT
Repo
https://github.com/wbce/wbce_cms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
70f55d47fa2bde149f012a1f20085d9018f141fd
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.2"
        }
    ]
}

Affected versions

1.*
1.0.0
1.0.0-beta.1
1.0.0-beta.2
1.0.0-beta.3
1.0.0-rc.1
1.1.0
1.1.1
1.1.10
1.1.11
1.1.2
1.1.3
1.1.4
1.1.6
1.1.8
1.1.9
1.2.0
1.3.0
1.3.1
1.3.2
1.4.0
1.4.1
1.4.2
1.4.4
1.4.5
1.5.0
1.5.1
1.5.2
1.5.3
1.5.4
1.6.0
1.6.0-beta.1
1.6.0-beta.2
1.6.0-beta.4
1.6.1
1.6.2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-58283.json"