Unrated severityNVD Advisory· Published Jan 13, 2026· Updated Jan 29, 2026

NanoCMS 0.4 - Remote Code Execution (RCE) (Authenticated)

CVE-2022-50898

Description

NanoCMS 0.4 contains an authenticated file upload vulnerability that allows remote code execution through unvalidated page content creation. Authenticated attackers can upload PHP files with arbitrary code to the server's pages directory by exploiting the page creation mechanism without proper input sanitization.

Affected products

NanoCMS/NanoCMSllm-create
Range: =0.4
kalyan02/NanoCMSv5
Range: 0.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/ishell/Exploits-Archives/blob/master/2009-exploits/0904-exploits/nanocms-multi.txtmitreexploit
www.exploit-db.com/exploits/50997mitreexploit
www.vulncheck.com/advisories/nanocms-remote-code-execution-rce-authenticatedmitrethird-party-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000