VYPR
Unrated severityOSV Advisory· Published Dec 10, 2025· Updated Apr 7, 2026

WBCE CMS 1.6.2 Remote Code Execution via Elfinder File Upload

CVE-2024-58283

Description

WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary system commands through a user-controlled parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Wbce/Wbce CMSOSV2 versions
    1.0.0, 1.0.0-beta.1, 1.0.0-beta.2, …+ 1 more
    • (no CPE)range: 1.0.0, 1.0.0-beta.1, 1.0.0-beta.2, …
    • (no CPE)range: =1.6.2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.