CVE-2022-50936

EUVD-2026-2596
WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by crafting a specially designed zip file payload.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VulnCheckCNA
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
Affected Products (NVD)
VendorProductVersion
wbcewbce_cms
1.5.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/WBCE/WBCE_CMS
https://wbce.org/
https://wbce.org/de/downloads/
https://www.exploit-db.com/exploits/50707
https://www.vulncheck.com/advisories/wbce-cms-remote-code-execution-rce-authenticated