Unrated severityOSV Advisory· Published Dec 11, 2025· Updated Apr 7, 2026
WBCE CMS 1.6.3 Authenticated Remote Code Execution via Module Upload
CVE-2025-34506
Description
WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. Attackers can craft a specially designed ZIP module with embedded PHP reverse shell code to gain remote system access when the module is installed.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- www.exploit-db.com/exploits/52132mitreexploit
- www.vulncheck.com/advisories/wbce-cms-authenticated-remote-code-execution-via-module-uploadmitrethird-party-advisory
- wbce-cms.orgmitreproduct
- youtu.be/Dhg5gRe9Dzsmitreproduct
News mentions
0No linked articles in our index yet.