CVE-2022-50936

Sažetak

WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by crafting a specially designed zip file payload.

Reference

https://github.com/WBCE/WBCE_CMS
https://wbce.org/
https://wbce.org/de/downloads/
https://www.exploit-db.com/exploits/50707
https://www.vulncheck.com/advisories/wbce-cms-remote-code-execution-rce-authenticated

CVSS

Base:	8.8
Impact:	5.9
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

20-01-2026 - 17:58

Objavljeno

13-01-2026 - 23:15