CVE-2022-50936

moderate-risk

Published 2026-01-13

WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by crafting a specially designed zip file payload.

Do I need to act?

0.89% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (1)

Wbce Cms

Affected Vendors

Wbce

References (5)

Product https://github.com/WBCE/WBCE_CMS

Product https://wbce.org/

Product https://wbce.org/de/downloads/

Exploit https://www.exploit-db.com/exploits/50707

Third Party Advisory https://www.vulncheck.com/advisories/wbce-cms-remote-code-execution-rce-authenti...

/ 100

moderate-risk

Severity 30/34 · Critical

Exploitability 3/34 · Minimal

Exposure 5/34 · Minimal