CVE-2022-50936

8.8 HIGH

📋 TL;DR

This vulnerability allows authenticated attackers to execute arbitrary PHP code on WBCE CMS servers by uploading malicious droplets through the admin panel. Attackers can craft zip files containing PHP code that is executed when the archive is uploaded. Any WBCE CMS installation where an administrator account can reach the droplet upload functionality is affected.

💻 Affected Systems

Products:
  • WBCE CMS
Versions: 1.5.2 and likely earlier versions
Operating Systems: All platforms running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated admin access to the droplet upload functionality in admin tools.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise leading to data theft, malware deployment, lateral movement, and persistent backdoor installation.

🟠 Likely Case

Website defacement, data exfiltration, or cryptocurrency mining malware deployment.

🟢 If Mitigated

Limited impact due to restricted admin access, network segmentation, and proper file upload validation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires admin credentials but uses simple zip file manipulation techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.5.3 or later

Vendor Advisory: https://wbce.org/

Restart Required: No

Instructions:

1. Back up your WBCE CMS installation and database.
2. Download the latest version from wbce.org.
3. Replace all files except the /media/ and /userfiles/ directories.
4. Run the update script if provided.
5. Verify functionality.

🔧 Temporary Workarounds

Disable droplet upload functionality

Platform: all

Temporarily disable or restrict access to the droplet upload feature in admin tools.

# Modify admin panel permissions or remove droplet upload interface

Implement file upload restrictions

Platform: linux

Add server-side validation to block zip files containing PHP code.

# Add this .htaccess rule in upload directories:
<Files *.php>
    deny from all
</Files>

🧯 If You Can't Patch

  • Restrict admin panel access to specific IP addresses only
  • Implement web application firewall rules to block suspicious file uploads

🔍 How to Verify

Check if Vulnerable:

Check if running WBCE CMS version 1.5.2 or earlier and if droplet upload functionality is accessible in admin panel.

Check Version:

Check /CHANGELOG.md or admin panel version display

Verify Fix Applied:

Verify version is 1.5.3 or later and test that malicious zip files with PHP code cannot be uploaded.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to droplet directories
  • Admin panel access from unexpected IPs
  • Execution of unexpected PHP files

Network Indicators:

  • POST requests to /admin/droplets/upload.php with zip files
  • Outbound connections from web server to suspicious domains

SIEM Query:

source="web_logs" AND (uri="/admin/droplets/upload.php" OR file_extension="zip") AND status=200
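
The same check as the query above, applied directly to web server access logs and combined with the "admin panel access from unexpected IPs" indicator. This is an added example, not code from WBCE or from the advisory; it assumes the Apache/nginx "combined" log format, and the admin network allowlist and the sample log lines are constructed.

```python
import ipaddress
import re

# Assumptions (not from the advisory): "combined" access log format and an
# example allowlist of networks administrators are expected to connect from.
UPLOAD_PATH = "/admin/droplets/upload.php"   # endpoint named in the indicators above
ADMIN_NETWORKS = [ipaddress.ip_network("10.20.0.0/24")]  # constructed allowlist

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) '
)

def from_admin_network(ip_text):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparsable client address: treat as unexpected
    return any(ip in net for net in ADMIN_NETWORKS)

def find_droplet_uploads(lines):
    """Return one finding per accepted POST to the droplet upload endpoint."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m["uri"].split("?", 1)[0]  # ignore any query string
        if m["method"] != "POST" or path != UPLOAD_PATH:
            continue
        # 2xx/3xx: accepted or redirected (broader than status=200 in the query)
        if not m["status"].startswith(("2", "3")):
            continue
        severity = "review" if from_admin_network(m["ip"]) else "alert"
        findings.append({"ip": m["ip"], "time": m["ts"],
                         "status": int(m["status"]), "severity": severity})
    return findings

# Constructed sample log lines (private and documentation address ranges).
SAMPLE_LOG = [
    '10.20.0.15 - - [12/Mar/2024:09:14:02 +0000] "POST /admin/droplets/upload.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.77 - - [12/Mar/2024:23:41:55 +0000] "POST /admin/droplets/upload.php?x=1 HTTP/1.1" 200 498 "-" "curl/8.0"',
    '203.0.113.77 - - [12/Mar/2024:23:40:10 +0000] "POST /admin/droplets/upload.php HTTP/1.1" 403 199 "-" "curl/8.0"',
    '198.51.100.4 - - [12/Mar/2024:10:00:00 +0000] "GET /admin/droplets/upload.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in find_droplet_uploads(SAMPLE_LOG):
        print(finding)
```

Uploads from the allowlisted network are marked "review" rather than dropped, because the exploit requires admin credentials and a compromised admin account would connect from an expected address.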
