← Back to CVEs
CVE-2022-50936
HIGH8.8
Description
WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by crafting a specially designed zip file payload.
CVE Details
CVSS v3.1 Score8.8
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published1/13/2026
Last Modified1/20/2026
Sourcenvd
Honeypot Sightings0
Affected Products
wbce:wbce_cms
Weaknesses (CWE)
CWE-434
References
https://github.com/WBCE/WBCE_CMS(disclosure@vulncheck.com)
https://wbce.org/(disclosure@vulncheck.com)
https://wbce.org/de/downloads/(disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/50707(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/wbce-cms-remote-code-execution-rce-authenticated(disclosure@vulncheck.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.