{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-58283", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2025-12-10T14:35:24.455Z", "datePublished": "2025-12-10T21:14:54.713Z", "dateUpdated": "2025-12-11T18:51:34.057Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "WBCE CMS", "vendor": "wbce", "versions": [{"status": "affected", "version": "1.6.2"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Ahmet \u00dcmit BAYRAM"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary system commands through a user-controlled parameter.</p>"}], "value": "WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary system commands through a user-controlled parameter."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "description": "CWE-434: Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-12-10T21:14:54.713Z"}, "references": [{"name": "ExploitDB-52039", "tags": ["exploit"], "url": "https://www.exploit-db.com/exploits/52039"}, {"name": "WBCE CMS Homepage", "tags": ["product"], "url": "https://wbce-cms.org/"}, {"name": "WBCE CMS GitHub Repository", "tags": ["product"], "url": "https://github.com/WBCE/WBCE_CMS/archive/refs/tags/1.6.2.zip"}, {"name": "VulnCheck Advisory: WBCE CMS 1.6.2 Remote Code Execution via Elfinder File Upload", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/wbce-cms-remote-code-execution-via-elfinder-file-upload"}], "source": {"discovery": "UNKNOWN"}, "title": "WBCE CMS 1.6.2 Remote Code Execution via Elfinder File Upload", "x_generator": {"engine": "vulncheck"}}, "adp": [{"references": [{"url": "https://github.com/WBCE/WBCE_CMS/archive/refs/tags/1.6.2.zip", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-11T15:43:32.959358Z", "id": "CVE-2024-58283", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-11T18:51:34.057Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-58283", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-11T15:43:32.959358Z"}}}], "references": [{"url": "https://github.com/WBCE/WBCE_CMS/archive/refs/tags/1.6.2.zip", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-11T15:44:23.987Z"}}], "cna": {"title": "WBCE CMS 1.6.2 Remote Code Execution via Elfinder File Upload", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Ahmet \u00dcmit BAYRAM"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "wbce", "product": "WBCE CMS", "versions": [{"status": "affected", "version": "1.6.2"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.exploit-db.com/exploits/52039", "name": "ExploitDB-52039", "tags": ["exploit"]}, {"url": "https://wbce-cms.org/", "name": "WBCE CMS Homepage", "tags": ["product"]}, {"url": "https://github.com/WBCE/WBCE_CMS/archive/refs/tags/1.6.2.zip", "name": "WBCE CMS GitHub Repository", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/wbce-cms-remote-code-execution-via-elfinder-file-upload", "name": "VulnCheck Advisory: WBCE CMS 1.6.2 Remote Code Execution via Elfinder File Upload", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary system commands through a user-controlled parameter.", "supportingMedia": [{"type": "text/html", "value": "<p>WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary system commands through a user-controlled parameter.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434: Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-12-10T21:14:54.713Z"}}}, "cveMetadata": {"cveId": "CVE-2024-58283", "state": "PUBLISHED", "dateUpdated": "2025-12-11T18:51:34.057Z", "dateReserved": "2025-12-10T14:35:24.455Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2025-12-10T21:14:54.713Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wbce:wbce_cms:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "FFE9AA75-B493-4593-9A24-CDEAE2A6A2CB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary system commands through a user-controlled parameter."}], "id": "CVE-2024-58283", "lastModified": "2025-12-16T15:09:04.653", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2025-12-10T22:16:20.267", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "https://github.com/WBCE/WBCE_CMS/archive/refs/tags/1.6.2.zip"}, {"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "https://wbce-cms.org/"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/52039"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/wbce-cms-remote-code-execution-via-elfinder-file-upload"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Product"], "url": "https://github.com/WBCE/WBCE_CMS/archive/refs/tags/1.6.2.zip"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}

{}

{"created": "2025-12-11T16:20:11.772604+00:00", "updated": "2025-12-11T16:20:11.772628+00:00", "vendors": ["wbce", "wbce$PRODUCT$wbce_cms"]}