The exploit allows for authenticated remote code execution in WBCE CMS version 1.6.3 and prior. It involves creating a malicious module .zip file that, when uploaded and installed through the admin page, triggers the execution of a shell script. This exploit was authored by Swammers8.
The WBCE CMS version 1.6.2 allows remote attackers to execute arbitrary code via a crafted request. By uploading a malicious file, an attacker can execute commands on the server remotely.
The WBCE CMS 1.6.1 version is vulnerable to an open redirect and cross-site request forgery (CSRF) attack. By uploading a specially crafted HTML file and tricking a logged-in user to visit a malicious URL, an attacker can exploit this vulnerability to perform CSS keylogging.
Services By CQR