PT-2026-2363 · 4Images · 4Images

Andrey Stoykov · Published 2026-01-13 · Updated 2026-02-02 · CVE-2022-50806

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: 4images version 1.9

Description: The software contains a remote command execution issue. Authenticated administrators can inject reverse shell code through the template editing functionality. Attackers can save malicious code in a template and execute arbitrary commands by accessing the "/categories.php" endpoint with a crafted cat id parameter.

Recommendations: Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the template editing functionality for administrators.

Exploit

Fix

Code Injection

Weakness Enumeration

Related Identifiers

BIT-RUM-2022-50806
CVE-2022-50806

Affected Products

4Images