VYPR
Vendor

Wbce

Products
1
CVEs
34
Across products
34
Status
Private

Products

1

Recent CVEs

34
View all 34 CVEs →
  • CVE-2017-2119HigApr 28, 2017
    risk 0.56cvss 8.6epss 0.04

    Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors.

  • CVE-2017-2120HigApr 28, 2017
    risk 0.47cvss 7.2epss 0.01

    SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2017-2118MedApr 28, 2017
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2018-6313MedJan 25, 2018
    risk 0.31cvss 4.8epss 0.01

    Cross-site scripting (XSS) in WBCE CMS 1.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the Modify Page screen, a different issue than CVE-2017-2118.

  • CVE-2017-1000213MedNov 17, 2017
    risk 0.31cvss 4.8epss 0.01

    WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=user_search

  • CVE-2023-39796Nov 10, 2023
    risk 0.06cvss epss 0.06

    SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 allows remote unauthenticated attacker to execute arbitrary code via the DB_RECORD_TABLE parameter.

  • CVE-2021-3817Dec 9, 2021
    risk 0.06cvss epss 0.38

    wbce_cms is vulnerable to Improper Neutralization of Special Elements used in an SQL Command

  • CVE-2022-30073May 17, 2022
    risk 0.01cvss epss 0.02

    WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via /admin/users/save.php.

  • CVE-2022-50936Jan 13, 2026
    risk 0.00cvss epss 0.01

    WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute…

  • CVE-2023-53910Dec 17, 2025
    risk 0.00cvss epss 0.00

    WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by inserting script tags into page content through the WYSIWYG editor. Attackers can submit POST requests to /wbce/modules/wysiwyg/save.php with…

  • CVE-2023-53909Dec 17, 2025
    risk 0.00cvss epss 0.00

    WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by uploading crafted SVG files through the media manager. Attackers can upload SVG files containing script tags to the…

  • CVE-2023-53901Dec 16, 2025
    risk 0.00cvss epss 0.00

    WBCE CMS 1.6.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML and CSS to capture user keystrokes. Attackers can upload a crafted HTML file with CSS-based keylogging techniques to intercept password characters through background image…

  • CVE-2025-34506Dec 11, 2025
    risk 0.00cvss epss 0.01

    WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. Attackers can craft a specially designed ZIP module with embedded PHP reverse shell code to gain remote system access when the…

  • CVE-2024-58283Dec 10, 2025
    risk 0.00cvss epss 0.01

    WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and…

  • CVE-2025-65950Dec 10, 2025
    risk 0.00cvss epss 0.00

    WBCE CMS is a content management system. In versions 1.6.4 and below, the user management module allows a low-privileged authenticated user with permissions to modify users to execute arbitrary SQL queries. This can be escalated to a full database compromise, data exfiltration,…

  • CVE-2025-67504Dec 9, 2025
    risk 0.00cvss epss 0.00

    WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword() to create passwords using PHP's rand(). rand() is not cryptographically secure, which allows password sequences to be predicted or brute-forced. This can lead to user account…

  • CVE-2025-66204Dec 8, 2025
    risk 0.00cvss epss 0.00

    WBCE CMS is a content management system. Version 1.6.4 contains a brute-force protection bypass where an attacker can indefinitely reset the counter by modifying `X-Forwarded-For` on each request, gaining unlimited password guessing attempts, effectively bypassing all…

  • CVE-2025-65094Nov 19, 2025
    risk 0.00cvss epss 0.00

    WBCE CMS is a content management system. Prior to version 1.6.4, a low-privileged user in WBCE CMS can escalate their privileges to the Administrators group by manipulating the groups[] parameter in the /admin/users/save.php request. The UI restricts users to assigning only…

  • CVE-2023-43871Sep 28, 2023
    risk 0.00cvss epss 0.00

    A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS).

  • CVE-2023-38947Aug 3, 2023
    risk 0.00cvss epss 0.00

    An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file.