CVE-2021-3817

SQL Injection in wbce/wbce_cms

CVSS 9.8 CRITICALEPSS 37.8%CWE-89

wbce_cms is vulnerable to Improper Neutralization of Special Elements used in an SQL Command

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

wbce · wbce/wbce_cms

public PoCs found — 2

cve_referencepacketstormsecurity.com/files/165377/WBCE-CMS-1.5.1-Admin-Password-Reset.htmlunverified exploitdbwww.exploit-db.com/exploits/50609unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/165377/WBCE-CMS-1.5.1-Admin-Password-Reset.html https://github.com/wbce/wbce_cms/commit/6ca63f0cad5f0cd606fdb69a372f09b7d238f1d7 https://huntr.dev/bounties/c330dc0d-220a-4b15-b785-5face4cf6ef7