exploitDog

CVE-2022-50936

Опубликовано: 13 янв. 2026

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by crafting a specially designed zip file payload.

Ссылки

https://github.com/WBCE/WBCE_CMS
Product
https://wbce.org/
Product
https://wbce.org/de/downloads/
Product
https://www.exploit-db.com/exploits/50707
Exploit
Third Party Advisory
VDB Entry
https://www.vulncheck.com/advisories/wbce-cms-remote-code-execution-rce-authenticated
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wbce:wbce_cms:1.5.2:*:*:*:*:*:*:*

EPSS

Процентиль: 71%

0.00667

Низкий

8.8 High

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-4hp3-72w5-pmq7

CVSS3: 8.8

github

25 дней назад

WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by crafting a specially designed zip file payload.

EPSS

Процентиль: 71%

0.00667

Низкий

8.8 High

CVSS3

Дефекты

CWE-434