WBCE CMS version 1.6.2 allows remote attackers to execute arbitrary code via a crafted request. By uploading a malicious file, an attacker can execute commands on the server remotely.
WBCE CMS version 1.6.1 is vulnerable to remote command execution. By uploading a malicious file and triggering its execution through the language installation feature, an attacker can execute arbitrary commands on the server. This can lead to unauthorized access, data theft, and other malicious activities. This vulnerability has been assigned CVE-2023-XXXXX.
A SQL injection vulnerability exists in the *miniform* module of WBCE CMS version 1.6.0. It allows unauthenticated attackers to access and potentially take over the entire database. The issue arises from the lack of authentication checks in the file /modules/miniform/ajax_delete_message.php, specifically in a DELETE query on line 40. The vulnerability can be exploited by using a backtick (`) to manipulate the query. The vulnerable parameter is DB_RECORD_TABLE.
WBCE CMS version 1.6.1 is vulnerable to an open redirect and cross-site request forgery (CSRF) attack. By uploading a specially crafted HTML file and tricking a logged-in user into visiting a malicious URL, an attacker can exploit this vulnerability to perform CSS keylogging.
WBCE CMS version 1.6.1 is vulnerable to multiple stored cross-site scripting (XSS) attacks. An attacker can upload a malicious SVG file containing a script that will be executed when viewed by an authenticated user with administrative privileges. This can lead to the execution of arbitrary code or the theft of sensitive information.
WBCE CMS version 1.5.2 is vulnerable to Remote Code Execution (RCE) when an authenticated user uploads a malicious file. This exploit uses a base64-encoded payload that is uploaded to the server and then executed. The payload is a PHP shell that allows the attacker to execute arbitrary commands on the server.
An attacker can exploit a SQL injection vulnerability in WBCE CMS version 1.5.1 to reset the administrator password. The attacker can send a specially crafted HTTP POST request to the vulnerable URL with the email address set to 'admin@domain.com' and a random value for the submit parameter. This will cause the application to send a plaintext password to the attacker's email address.