CVE-2022-50936

HIGH

WBCE CMS 1.5.2 - Authenticated Remote Code Execution via Droplet Upload

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-50936. PoCs published by Antonio Cuomo.

AI-analyzed exploit summary This exploit targets WBCE CMS 1.5.2, leveraging authenticated RCE via a malicious droplet upload and execution. It requires valid credentials and interacts with the CMS admin interface to achieve remote code execution.

Description

WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by crafting a specially designed zip file payload.

Exploits (1)

exploitdb WORKING POC
by Antonio Cuomo · pythonwebappsphp
https://www.exploit-db.com/exploits/50707

This exploit targets WBCE CMS 1.5.2, leveraging authenticated RCE via a malicious droplet upload and execution. It requires valid credentials and interacts with the CMS admin interface to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: WBCE CMS 1.5.2
Auth required
Prerequisites: Valid admin credentials · Network access to the target CMS · PHP environment
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit, Third Party Advisory, VDB Entry exploit
https://www.exploit-db.com/exploits/50707
Product product
https://wbce.org/

Scores

CVSS v3 8.8
EPSS 0.0078
EPSS Percentile 51.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-434
Status published
Products (1)
wbce/wbce_cms 1.5.2
Published Jan 13, 2026
Tracked Since Feb 18, 2026