Unrated severityOSV Advisory· Published Dec 10, 2025· Updated Apr 7, 2026
WBCE CMS 1.6.2 Remote Code Execution via Elfinder File Upload
CVE-2024-58283
Description
WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary system commands through a user-controlled parameter.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- www.exploit-db.com/exploits/52039mitreexploit
- www.vulncheck.com/advisories/wbce-cms-remote-code-execution-via-elfinder-file-uploadmitrethird-party-advisory
- github.com/WBCE/WBCE_CMS/archive/refs/tags/1.6.2.zipmitreproduct
- wbce-cms.orgmitreproduct
News mentions
0No linked articles in our index yet.