CVE-2023-38947

HIGH EPSS 38.0%

Published Aug 3, 20232y ago · Modified Jun 17, 20261w ago

7.2 CVSS 3.1

High

Published Aug 3, 2023 2y ago

Last Modified Jun 17, 2026 1w ago

Description

An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file.

CVSS Details

Base Score

7.2

Exploitability

1.2

Impact

5.9

Vector string

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required High

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

38.0% percentile

Exploit & Patch Status

Public Exploit Known

No Patch Available

Weaknesses 2

CWE-434 Unrestricted Upload of File with Dangerous Type Resource Mgmt

CWE-616

Affected Products 1

Vendor	Product	Version	Range
wbce	wbce_cms	1.6.1	any

References 3

gitee.com https://gitee.com/CTF-hacker/pwn/issues/I7LH2N

ExploitIssue TrackingThird Party Advisory
github.com https://github.com/capture0x/WBCE_CMS
packetstormsecurity.com https://packetstormsecurity.com/files/176018/WBCE-CMS-1.6.1-Shell-Upload.html

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.