
CVE-2022-50939

Severity: High · Public PoC available

Published: 13 January 2026
Modified: 20 January 2026
KEV Added: not listed

CVSS v4 base score: 8.6 (High)
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS score: 0.0109 (61.0th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2022-50939 is a high-severity Path Traversal (CWE-22) vulnerability in e107 CMS (vendor E107). Its CVSS v4 base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 39.0% of CVEs by exploit likelihood (EPSS), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced. Note that the vector carries PR:H: the attacker must already hold administrator credentials, so the practical risk hinges on admin credential exposure or a chained lower-privilege flaw.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-7 (Software, Firmware, and Information Integrity).

Deeper analysis

CVE-2022-50939 is a high-severity file upload vulnerability in e107 CMS version 3.2.1, affecting the Media Manager's remote URL upload functionality in the admin interface's image.php component. The issue stems from improper sanitization of the upload_caption parameter: directory traversal sequences such as ../../../ are accepted, so the destination path can be moved outside the intended upload directory and arbitrary server files overwritten, including configuration files, executable scripts, or other critical system components. Discovered by Hubert Wojciechowski, it is classified under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) and CWE-434 (Unrestricted Upload of File with Dangerous Type), with a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

An authenticated administrator can exploit this by manipulating the upload_caption field during a remote URL upload in the Media Manager. With a path traversal payload in the caption, the attacker can overwrite sensitive files on the server: overwriting a PHP script the web server will execute yields arbitrary code execution, and overwriting configuration files can alter the application's behaviour or disrupt service, either of which amounts to complete compromise of the web application.
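The bug class described above, as an added illustration that is not e107's own code: a naive filename builder that concatenates upload_caption into the destination path, beside a hardened builder, both run against a traversal payload inside a throwaway directory tree. It assumes (the page does not say so) that the stored filename is derived from the caption; the media directory layout, the allowed-extension set and the captions are constructed for the demo.

```python
"""Added example (not e107's own code): the file-naming bug class behind
CVE-2022-50939, shown as a naive builder beside a hardened one.

Assumption (not stated on the page): the Media Manager derives the stored
filename for a remote-URL upload from the user-supplied `upload_caption`.
Directory names, extensions and captions below are constructed for the demo.
"""
import os
import tempfile
from urllib.parse import unquote

ALLOWED_EXT = {".jpg", ".jpeg", ".png", ".gif", ".webp"}  # constructed whitelist


class PathTraversalError(ValueError):
    """Raised when a caption would escape the media directory."""


def vulnerable_target_path(media_dir: str, upload_caption: str, ext: str) -> str:
    """Naive pattern: the caption goes straight into the path, so
    '../../../e107_config' walks out of media_dir."""
    return os.path.join(media_dir, upload_caption + ext)


def fully_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode until stable so '..%252f' cannot hide '../'."""
    for _ in range(rounds):
        nxt = unquote(value)
        if nxt == value:
            break
        value = nxt
    return value


def hardened_target_path(media_dir: str, upload_caption: str, ext: str) -> str:
    """Reject separators, traversal and NUL, whitelist the extension, then
    prove containment with realpath() as the last line of defence."""
    caption = fully_decode(upload_caption)
    if any(bad in caption for bad in ("/", "\\", "\x00", "..")):
        raise PathTraversalError(f"rejected caption {upload_caption!r}")
    # Conservative basename charset; trim leading/trailing dots and spaces.
    safe = "".join(ch for ch in caption if ch.isalnum() or ch in "-_ .").strip(" .")
    if not safe:
        raise PathTraversalError("caption reduced to an empty name")
    if ext.lower() not in ALLOWED_EXT:
        raise PathTraversalError(f"extension {ext!r} not allowed")
    root = os.path.realpath(media_dir)
    target = os.path.realpath(os.path.join(root, safe + ext))
    if os.path.commonpath([root, target]) != root:
        raise PathTraversalError("resolved path escapes the media directory")
    return target


def rejects(upload_caption: str, ext: str = ".jpg",
            media_dir: str = "/srv/e107/e107_media/images") -> bool:
    """True if the hardened builder refuses the caption/extension pair."""
    try:
        hardened_target_path(media_dir, upload_caption, ext)
    except PathTraversalError:
        return True
    return False


def demo(payload: str = "../../../e107_config.php", ext: str = ".jpg"):
    """Run both builders against a payload inside a throwaway tree.
    Returns (naive_path_escaped_media_dir, hardened_builder_rejected)."""
    with tempfile.TemporaryDirectory() as site:
        media = os.path.join(site, "e107_media", "images")
        os.makedirs(media)
        root = os.path.realpath(media)
        naive = os.path.realpath(vulnerable_target_path(media, payload, ext))
        escaped = os.path.commonpath([root, naive]) != root
        rejected = rejects(payload, ext, media)
    return escaped, rejected


if __name__ == "__main__":
    print(demo())  # (True, True)
```

The containment check with realpath() is deliberately last: rejecting separators and ".." up front gives a clear error for the common case, while resolving the final path catches anything the character filter missed, including symlinks planted under the media directory. The extension whitelist matters as much as the path check here, because a caption that escapes the directory is only half of a code-execution primitive; the other half is landing a file the web server will execute.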

Advisories and related resources include the vendor pages at e107.org and e107.org/download, a VulnCheck advisory describing the upload restriction bypass with path traversal file overwrite, and a proof-of-concept exploit at exploit-db.com/exploits/50910. The CVE record was published on 2026-01-13; the vendor's download page is the stated route to a patched release.


Vulnerability details

e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to override arbitrary server files through path traversal. The vulnerability exists in the Media Manager's remote URL upload functionality (image.php) where the upload_caption parameter is not properly sanitized. An attacker with administrative privileges can use directory traversal sequences (../../../) in the upload_caption field to overwrite critical system files outside the intended upload directory. This can lead to complete compromise of the web application by overwriting configuration files, executable scripts, or other critical system components. The vulnerability was discovered by Hubert Wojciechowski and affects the image.php component in the admin interface.

CWE(s)

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-434 Unrestricted Upload of File with Dangerous Type

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1505.003 Web Shell Persistence
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

Path traversal in the admin file upload directly enables web-shell deployment and RCE on a public-facing CMS via arbitrary file overwrite: T1190 covers the entry through image.php, and T1505.003 the shell that persists afterwards. Because the vector carries PR:H, the initial-access mapping presumes the adversary already holds, or has stolen, administrator credentials.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2022-50907 · same product: e107 (E107)
CVE-2022-50916 · same product: e107 (E107)
CVE-2025-11941 · same product: e107 (E107)
CVE-2022-50905 · same product: e107 (E107)
CVE-2026-22786 · shared CWE-22, CWE-434
CVE-2024-13986 · shared CWE-22, CWE-434
CVE-2025-2749 · shared CWE-22, CWE-434
CVE-2012-10054 · shared CWE-22, CWE-434
CVE-2025-35055 · shared CWE-22, CWE-434
CVE-2026-9102 · shared CWE-22, CWE-434

Affected Assets

Vendor: e107
Product: e107
Version: 3.2.1

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation · prevent

Directly requires validation and sanitization of the upload_caption parameter to block path traversal sequences (../../../) that enable arbitrary file overwrites. The check has to run on the decoded value and on the resolved destination path, not on the raw parameter, or encoded traversal slips through.

SI-7 Software, Firmware, and Information Integrity · prevent, detect

Requires integrity verification mechanisms that would detect or block unauthorized overwrites of configuration files and executables outside the intended Media Manager directory. A file-integrity baseline of the web root (configuration files and PHP scripts) that alerts on unexpected hash changes covers the detect side.

Access restrictions on change · prevent

Enforces access restrictions on changes to system files, limiting the ability of even authenticated administrators to perform the path-traversal file overwrites described in the CVE. At the OS level this means the web server account should have write access only to the media directory and no write permission on configuration files or application code.
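Two checks that map to the controls listed above, as an added example that is not from the page or from the e107 project: a log-side detector for traversal in upload_caption (the detect side of SI-10) and a manifest-based integrity diff that flags an overwritten configuration file or a dropped script (SI-7). The log lines, file contents and paths are constructed; treating the upload as a GET query string to image.php is an assumption for the demo, and a POST body needs the same check on its form fields.

```python
"""Added example (not from the page or from e107): two small checks mapping
to SI-10 (detect traversal in the upload_caption parameter) and SI-7 (detect
overwritten files against a known-good manifest).

The log lines, file contents and paths below are constructed; the request
shape (GET query string to image.php) is an assumption for the demo.
"""
import hashlib
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed access-log lines in combined-log style (documentation IPs only).
SAMPLE_LOG = """\
203.0.113.5 - - [13/Jan/2026:10:01:02 +0000] "GET /e107_admin/image.php?mode=upload&upload_caption=holiday HTTP/1.1" 200 512
203.0.113.5 - - [13/Jan/2026:10:01:40 +0000] "GET /e107_admin/image.php?mode=upload&upload_caption=../../../e107_config.php HTTP/1.1" 200 512
198.51.100.9 - - [13/Jan/2026:10:02:11 +0000] "GET /e107_admin/image.php?mode=upload&upload_caption=..%252f..%252fclass2.php HTTP/1.1" 200 512
198.51.100.9 - - [13/Jan/2026:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 1024
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# '..' bounded by a slash or backslash (or the string edge) on either side.
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")


def traversal_hits(log_text: str, param: str = "upload_caption"):
    """Return (client_ip, decoded caption) for each image.php request whose
    caption decodes to a traversal sequence or contains a NUL byte."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or "/image.php" not in m["target"]:
            continue
        query = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
        for raw in query.get(param, []):
            # parse_qs already decoded once; two more rounds expose
            # double-encoded forms such as ..%252f.
            decoded = unquote(unquote(raw))
            if TRAVERSAL.search(decoded) or "\x00" in decoded:
                hits.append((m["ip"], decoded))
    return hits


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: dict) -> dict:
    """files maps relative path -> bytes, captured at install or patch time."""
    return {path: sha256_hex(content) for path, content in files.items()}


def integrity_drift(manifest: dict, current: dict):
    """Sorted (path, reason) for files modified, missing or unexpected
    relative to the manifest: an overwrite via traversal shows as 'modified',
    a dropped web shell as 'unexpected'."""
    drift = []
    for path, digest in manifest.items():
        if path not in current:
            drift.append((path, "missing"))
        elif sha256_hex(current[path]) != digest:
            drift.append((path, "modified"))
    drift.extend((path, "unexpected") for path in current if path not in manifest)
    return sorted(drift)


# Constructed baseline and post-incident trees (placeholder contents).
BASELINE = {
    "e107_config.php": b"<?php $mySQLserver = 'localhost';\n",
    "e107_admin/image.php": b"<?php // media manager\n",
}
AFTER = {
    "e107_config.php": b"<?php eval($_POST['c']);\n",          # overwritten
    "e107_admin/image.php": b"<?php // media manager\n",       # unchanged
    "e107_media/images/shell.php": b"<?php system($_GET['x']);\n",  # new file
}

if __name__ == "__main__":
    print(traversal_hits(SAMPLE_LOG))
    print(integrity_drift(build_manifest(BASELINE), AFTER))
```

The two checks are complementary: the log detector fires on the attempt regardless of whether it succeeded, while the manifest diff fires on the outcome regardless of how the file got there, which also covers writes from a source the log parser never sees. In production the manifest would be generated from the shipped release and re-generated on each legitimate patch, and the diff run from a host that the web server account cannot write to.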
