CVE-2025-65094 in WBCEالمعلومات

الملخص

بحسب MITRE • 19/11/2025

WBCE CMS is a content management system. Prior to version 1.6.4, a low-privileged user in WBCE CMS can escalate their privileges to the Administrators group by manipulating the groups[] parameter in the /admin/users/save.php request. The UI restricts users to assigning only their existing group, but server-side validation is missing, allowing attackers to overwrite their group membership and obtain full administrative access. This results in a complete compromise of the CMS. This issue has been patched in version 1.6.4.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

GitHub M

حجز

17/11/2025

إفشاء

19/11/2025

الاعتدال

تمت الموافقة

إدخال

VDB-333022

CPE

جاهز

CWE

CWE-266 (مؤكد)

CVSS

8.8 (NVD)

EPSS

0.00064

KEV

لا

النشاطات

منخفض جدًا

القطاع

Lawfirm, Hostingprovider, ...

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-65094
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-65094
CVE Details	https://www.cvedetails.com/cve/CVE-2025-65094/

التالي ▸نظرة عامة ◂ السابق

Interested in the pricing of exploits?

See the underground prices here!