CVE-2022-50806
Unknown Unknown - Not Provided
Remote Command Execution in 4images 1.9 via Template Injection

Publication date: 2026-01-13

Last updated on: 2026-02-02

Assigner: VulnCheck

Description
4images 1.9 contains a remote command execution vulnerability that allows authenticated administrators to inject reverse shell code through template editing functionality. Attackers can save malicious code in the template and execute arbitrary commands by accessing a specific categories.php endpoint with a crafted cat_id parameter.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-13
Last Modified
2026-02-02
Generated
2026-06-16
AI Q&A
2026-01-14
EPSS Evaluated
2026-06-15
NVD
CVE-2022-50806
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
4images 4images 1.9
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2022-50806 is a remote command execution vulnerability in 4images version 1.9. It allows an authenticated administrator to inject malicious reverse shell code into template files through the template editing functionality. Once the malicious code is saved in a template, an attacker can execute arbitrary commands on the server by accessing a specific categories.php endpoint with a crafted cat_id parameter. This happens because the application does not properly sanitize or validate the template content, enabling remote code execution via template injection. [1, 2]

Impact Analysis

This vulnerability can allow an attacker with administrative access to execute arbitrary commands on the affected server remotely. By injecting a reverse shell payload into template files, the attacker can gain shell access with the privileges of the daemon user, potentially leading to full system compromise, data theft, or further attacks within the network. [1, 2]

Detection Guidance

This vulnerability can be detected by checking if unauthorized or suspicious modifications have been made to template files via the admin interface, especially the 'categories.html' template in the 'default_960px' template pack. Monitoring HTTP POST requests to '/4images/admin/templates.php' with parameters related to 'savetemplate' action and unusual content payloads can indicate exploitation attempts. Additionally, you can look for access to URLs like '/4images/categories.php?cat_id=1' that trigger the injected code. To detect active exploitation, you can monitor for reverse shell connections, for example by running a netcat listener with the command: nc -kvlp 4444. Also, reviewing web server logs for POST requests to the template editing endpoint and GET requests to the categories.php endpoint with crafted parameters can help identify attempts. [1]

Mitigation Strategies

Immediate mitigation steps include restricting administrative access to trusted users only, ensuring strong authentication mechanisms are in place, and monitoring for suspicious template edits. Disable or restrict the template editing functionality if possible until a patch or update is applied. Review and sanitize inputs in the template editing interface to prevent code injection. Additionally, monitor network traffic for unusual connections such as reverse shells and consider setting up firewall rules to block unexpected outbound connections. Applying any available patches or updates from the 4images software provider is also critical. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2022-50806. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart