CVE-2022-50936
HIGH WAF: Medium
CVSS 8.8
Published: 2026-01-13
CWE-434
WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by crafting a specially designed zip file payload.
WAF Coverage Analysis
Unrestricted File Upload
Medium WAF Coverage
OWASP: A04:2021 Insecure Design
930xxx - Local File Inclusion
Affected Software
| Vendor | Product | Version |
|---|---|---|
| wbce | wbce_cms | 1.5.2 |
References
- github.com (Product)
- wbce.org (Product)
- wbce.org (Product)
- www.exploit-db.com (Exploit, Third Party Advisory, VDB Entry)
- www.vulncheck.com (Third Party Advisory)