Unrated severityNVD Advisory· Published Jan 13, 2026· Updated Jan 29, 2026
NanoCMS 0.4 - Remote Code Execution (RCE) (Authenticated)
CVE-2022-50898
Description
NanoCMS 0.4 contains an authenticated file upload vulnerability that allows remote code execution through unvalidated page content creation. Authenticated attackers can upload PHP files with arbitrary code to the server's pages directory by exploiting the page creation mechanism without proper input sanitization.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- kalyan02/NanoCMSv5Range: 0.4
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.