CVE-2022-50936

High CVSS: 8.7

WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by crafting a specially designed zip file payload.

Vendor

Wbce

Product

Wbce Cms

CWE

CWE-434

Yayın Tarihi

2026-01-13 23:15:58

Güncelleme

2026-01-20 17:58:42

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-434 Wbce Cms HIGH Wbce 2026

Referanslar

https://github.com/WBCE/WBCE_CMS https://wbce.org/ https://wbce.org/de/downloads/ https://www.exploit-db.com/exploits/50707 https://www.vulncheck.com/advisories/wbce-cms-remote-code-execution-rce-authenticated

Benzer Kayıtlar

Medium

CVE-2023-53909

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malici…

Medium

CVE-2023-53910

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malici…

High

CVE-2023-53901

WBCE CMS 1.6.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML and CSS to c…

High

CVE-2025-34506

WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrator…

High

CVE-2024-58283

WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload mali…

Critical

CVE-2025-65950

WBCE CMS is a content management system. In versions 1.6.4 and below, the user management module allows a low-privileged…