Vulnerability Database

322,935

Total vulnerabilities in the database

CVE-2022-50936

WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by crafting a specially designed zip file payload.

Published: Jan 13, 2026
Updated: Jan 21, 2026
CVE: CVE-2022-50936
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-434

Affected Software
References

Software	From	Fixed in
wbce / wbce_cms	1.5.2	1.5.2.x

https://github.com/WBCE/WBCE_CMS
https://wbce.org/
https://wbce.org/de/downloads/
https://www.exploit-db.com/exploits/50707
https://www.vulncheck.com/advisories/wbce-cms-remote-code-execution-rce-authenticated

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo