Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

WBCE CMS Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in WBCE CMS version 1.5.2. This vulnerability allows authenticated attackers to upload malicious droplets through the admin panel. By exploiting the droplet upload functionality in the admin tools, attackers can create and execute arbitrary PHP code by crafting a specially designed zip file payload.

Impact

Exploitation of this vulnerability allows for authenticated remote code execution on the server where WBCE CMS is installed.

Reproduction

To reproduce this vulnerability, an authenticated user must log into the WBCE CMS admin panel. Once logged in, the user can upload a malicious zip file containing a payload that executes PHP code via the droplet upload feature in the admin tools. After the droplet is uploaded and executed, the PHP code can be used to execute commands on the server.
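A pre-upload review check for droplet archives, as an added example (not WBCE CMS code or part of the original advisory). It assumes the zip members are text files holding droplet PHP; the function names, the list of flagged calls and the size cap are choices made for this illustration, and the sample archive is constructed.

```python
import io
import re
import zipfile

# PHP constructs that run OS commands or evaluate strings as code.
# Assumed review list for this example; extend it to match local policy.
RISKY_CALLS = re.compile(
    r"\b(system|exec|shell_exec|passthru|popen|proc_open|eval)\s*\(|`[^`]+`",
    re.IGNORECASE,
)
MAX_ENTRY_BYTES = 1_000_000  # assumed cap: do not inflate oversized members


def scan_droplet_zip(data: bytes) -> list[tuple[str, str]]:
    """Return sorted (entry name, finding) pairs for an archive held in memory."""
    findings = set()
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = info.filename
            parts = name.replace("\\", "/").split("/")
            if name.startswith(("/", "\\")) or ".." in parts:
                findings.add((name, "path escapes the extraction directory"))
            if info.file_size > MAX_ENTRY_BYTES:
                findings.add((name, "entry too large to inspect"))
                continue
            text = archive.read(info).decode("utf-8", errors="replace")
            for match in RISKY_CALLS.finditer(text):
                call = (match.group(1) or "backtick shell").lower()
                findings.add((name, "calls " + call))
    return sorted(findings)


def constructed_sample() -> bytes:
    """Constructed archive: one plain droplet and one that shells out."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("hello.php", "<?php return 'Hello';")
        z.writestr("status.php", "<?php return shell_exec('uptime');")
    return buf.getvalue()


if __name__ == "__main__":
    for entry, finding in scan_droplet_zip(constructed_sample()):
        print(f"{entry}: {finding}")
```

A finding is a prompt for manual review rather than proof of compromise, since droplets are PHP by design and a pattern match cannot see obfuscated code.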

Added: Jan 13, 2026, 11:57 PM
Updated: Jan 13, 2026, 11:57 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 7.5
exploitability: 7.1
remediation: 7.7
relevance: 2.0
threat: 8.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.