CVE-2022-50806

HIGH 7.2

4images 1.9 - Remote Command Execution (RCE)

CVSS Score

7.2

EPSS Score

0.0%

EPSS Percentile

0th

4images 1.9 contains a remote command execution vulnerability that allows authenticated administrators to inject reverse shell code through template editing functionality. Attackers can save malicious code in the template and execute arbitrary commands by accessing a specific categories.php endpoint with a crafted cat_id parameter.

CWE	CWE-94
Vendor	4homepages
Product	4images
Published	Jan 13, 2026
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for 4homepages 4images

Be the first to know when new high vulnerabilities affecting 4homepages 4images are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

4Homepages / 4images

1.9

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/51147 4homepages.de: https://www.4homepages.de/ vulncheck.com: https://www.vulncheck.com/advisories/images-remote-command-execution-rce

Credits

Andrey Stoykov