CVE-2022-50936 — HIGH (8.8)

Vulnerability Description

WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by crafting a specially designed zip file payload.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Wbce	Wbce Cms	1.5.2

Related Weaknesses (CWE)

CWE-434

References

https://github.com/WBCE/WBCE_CMSProduct
https://wbce.org/Product
https://wbce.org/de/downloads/Product
https://www.exploit-db.com/exploits/50707ExploitThird Party AdvisoryVDB Entry
https://www.vulncheck.com/advisories/wbce-cms-remote-code-execution-rce-authentiThird Party Advisory

FAQ

What is CVE-2022-50936?

CVE-2022-50936 is a vulnerability with a CVSS score of 8.8 (HIGH). WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the...

How severe is CVE-2022-50936?

CVE-2022-50936 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-50936?

Check the references section above for vendor advisories and patch information. Affected products include: Wbce Wbce Cms.