VYPR
Unrated severityNVD Advisory· Published Jan 13, 2026· Updated Jan 29, 2026

NanoCMS 0.4 - Remote Code Execution (RCE) (Authenticated)

CVE-2022-50898

Description

NanoCMS 0.4 contains an authenticated file upload vulnerability that allows remote code execution through unvalidated page content creation. Authenticated attackers can upload PHP files with arbitrary code to the server's pages directory by exploiting the page creation mechanism without proper input sanitization.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.