CVE-2022-50936

Source
https://cve.org/CVERecord?id=CVE-2022-50936
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50936.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-50936
Published
2026-01-13T23:15:58.703Z
Modified
2026-03-11T14:29:04.807252Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by crafting a specially designed zip file payload.

References

Affected packages

Git / github.com/wbce/wbce_cms

Affected ranges

Type
GIT
Repo
https://github.com/wbce/wbce_cms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.2"
        }
    ]
}

Affected versions

1.*
1.0.0
1.0.0-beta.1
1.0.0-beta.2
1.0.0-beta.3
1.0.0-rc.1
1.1.0
1.1.1
1.1.10
1.1.11
1.1.2
1.1.3
1.1.4
1.1.6
1.1.8
1.1.9
1.2.0
1.3.0
1.3.1
1.3.2
1.4.0
1.4.1
1.4.2
1.4.4
1.4.5
1.5.0
1.5.1
1.5.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50936.json"