BIT-rum-2022-50806

Import Source
https://github.com/bitnami/vulndb/tree/main/data/rum/BIT-rum-2022-50806.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-rum-2022-50806
Aliases
  • CVE-2022-50806
Published
2026-01-29T20:50:41.024Z
Modified
2026-01-29T21:26:19.248582Z
Summary
4images 1.9 - Remote Command Execution (RCE)
Details

4images 1.9 contains a remote command execution vulnerability that allows authenticated administrators to inject reverse shell code through template editing functionality. Attackers can save malicious code in the template and execute arbitrary commands by accessing a specific categories.php endpoint with a crafted cat_id parameter.

Database specific
{
    "cpes": [
        "cpe:2.3:a:4homepages:4images:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
}
References

Affected packages

Bitnami / rum

Package

Name
rum
Purl
pkg:bitnami/rum

Severity

  • 8.6 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected ranges

Type
SEMVER
Events
Introduced
1.9.0
Last affected
1.9.0

Database specific

source
"https://github.com/bitnami/vulndb/tree/main/data/rum/BIT-rum-2022-50806.json"