← Retour aux CVEs
CVE-2022-50936
HIGH8.8
Description
WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by crafting a specially designed zip file payload.
Details CVE
Score CVSS v3.18.8
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie1/13/2026
Derniere modification1/20/2026
Sourcenvd
Observations honeypot0
Produits affectes
wbce:wbce_cms
Faiblesses (CWE)
CWE-434
References
https://github.com/WBCE/WBCE_CMS(disclosure@vulncheck.com)
https://wbce.org/(disclosure@vulncheck.com)
https://wbce.org/de/downloads/(disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/50707(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/wbce-cms-remote-code-execution-rce-authenticated(disclosure@vulncheck.com)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.