Security Advisory

CVE-2025-67504

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-09 03:31:17

Last updated 2025-12-09 15:10:35

Assigner GitHub_M

State PUBLISHED

Description

WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword() to create passwords using PHPs rand(). rand() is not cryptographically secure, which allows password sequences to be predicted or brute-forced. This can lead to user account compromise or privilege escalation if these passwords are used for new accounts or password resets. The vulnerability is fixed in version 1.6.5.

← Browse all CVEs View on cve.org ↗