CVE-2024-58283: CWE-434: Unrestricted Upload of File with Dangerous Type in wbce WBCE CMS
WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary system commands through a user-controlled parameter.
AI Analysis
Technical Summary
CVE-2024-58283 affects WBCE CMS version 1.6.2 and involves an unrestricted file upload vulnerability in the Elfinder file manager component. Authenticated users can upload malicious PHP files without proper validation, leading to remote code execution by executing arbitrary system commands through user-controlled parameters. This vulnerability is categorized under CWE-434 (Unrestricted Upload of File with Dangerous Type) and has a CVSS 4.0 base score of 8.7, indicating high severity. The vulnerability is not related to cloud services and no patch or official fix has been documented yet.
Potential Impact
Successful exploitation allows authenticated attackers to upload web shells and execute arbitrary system commands on the affected server, potentially leading to full system compromise. This can result in unauthorized access, data theft, service disruption, or further network penetration. The vulnerability requires authentication but no user interaction and has a high impact on confidentiality, integrity, and availability.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to the Elfinder file manager to trusted users only and consider disabling or limiting file upload functionality. Monitor for suspicious file uploads and remove any unauthorized PHP files. Implement additional file validation controls if possible.
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulnCheck
- Date Reserved: 2025-12-10T14:35:24.455Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6939e5605ab76fdc5f2656e9
Added to database: 12/10/2025, 9:25:52 PM
Last enriched: 4/7/2026, 10:53:56 PM
Last updated: 5/9/2026, 9:13:16 PM