CVE-2022-50898

HighPublic PoC

Published: 13 January 2026

Published

13 January 2026

Modified

29 January 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0049 65.5th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-50898 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Kalyan02 Nanocms. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 34.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly requires input validation and sanitization at page creation interfaces to block unvalidated uploads of malicious PHP files.

SI-2 Flaw Remediation good match

prevent

Mandates identification, reporting, and correction of the unrestricted file upload flaw in NanoCMS 0.4 to eliminate the RCE vulnerability.

SI-9 Information Input Restrictions good match

prevent

Enforces restrictions on file types and content during authenticated page creation to prevent upload of dangerous PHP code to the pages directory.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1505.003 Web Shell Persistence

Adversaries may backdoor web servers with web shells to establish persistent access to systems.

attack.mitre.org →

Why these techniques?

The vulnerability allows authenticated attackers to exploit a public-facing web application (NanoCMS) via unrestricted file upload of malicious PHP files, enabling remote code execution equivalent to deploying a web shell.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

NanoCMS 0.4 contains an authenticated file upload vulnerability that allows remote code execution through unvalidated page content creation. Authenticated attackers can upload PHP files with arbitrary code to the server's pages directory by exploiting the page creation mechanism without proper…

input sanitization.

Deeper analysisAI

CVE-2022-50898 is an authenticated file upload vulnerability in NanoCMS version 0.4 that enables remote code execution. The issue stems from unvalidated page content creation, where the page creation mechanism lacks proper input sanitization, allowing attackers to upload PHP files containing arbitrary code directly to the server's pages directory. This flaw is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type) and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Authenticated attackers with low privileges can exploit this vulnerability remotely over the network with low complexity and no user interaction. By leveraging the flawed page creation process, they can upload and execute malicious PHP code on the server, achieving full remote code execution and potentially compromising the entire system through high impacts on confidentiality, integrity, and availability.

Reference advisories and resources, including Exploit-DB entry 50997, a VulnCheck advisory on authenticated RCE in NanoCMS, and GitHub exploit archives, document the vulnerability with proof-of-concept exploits but do not specify patches or mitigations in the provided details. The NanoCMS GitHub repository is also referenced, indicating the affected open-source component.