{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-58283","assignerOrgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","state":"PUBLISHED","assignerShortName":"VulnCheck","dateReserved":"2025-12-10T14:35:24.455Z","datePublished":"2025-12-10T21:14:54.713Z","dateUpdated":"2026-04-07T14:08:36.289Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"WBCE CMS","vendor":"wbce","versions":[{"status":"affected","version":"1.6.2"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wbce:wbce_cms:1.6.5:*:*:*:*:*:*:*"}]}]}],"credits":[{"lang":"en","type":"finder","value":"Ahmet Ümit BAYRAM"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary system commands through a user-controlled parameter.</p>"}],"value":"WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary system commands through a user-controlled parameter."}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":8.7,"baseSeverity":"HIGH","exploitMaturity":"NOT_DEFINED","privilegesRequired":"LOW","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-434","description":"CWE-434: Unrestricted Upload of File with Dangerous Type","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","shortName":"VulnCheck","dateUpdated":"2026-04-07T14:08:36.289Z"},"references":[{"name":"ExploitDB-52039","tags":["exploit"],"url":"https://www.exploit-db.com/exploits/52039"},{"name":"WBCE CMS Homepage","tags":["product"],"url":"https://wbce-cms.org/"},{"name":"WBCE CMS GitHub Repository","tags":["product"],"url":"https://github.com/WBCE/WBCE_CMS/archive/refs/tags/1.6.2.zip"},{"name":"VulnCheck Advisory: WBCE CMS 1.6.2 Remote Code Execution via Elfinder File Upload","tags":["third-party-advisory"],"url":"https://www.vulncheck.com/advisories/wbce-cms-remote-code-execution-via-elfinder-file-upload"}],"source":{"discovery":"UNKNOWN"},"title":"WBCE CMS 1.6.2 Remote Code Execution via Elfinder File Upload","x_generator":{"engine":"vulncheck"},"datePublic":"2024-06-03T00:00:00.000Z"},"adp":[{"references":[{"url":"https://github.com/WBCE/WBCE_CMS/archive/refs/tags/1.6.2.zip","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-12-11T15:43:32.959358Z","id":"CVE-2024-58283","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-12-11T18:51:34.057Z"}}]}}