Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.7
CVE-2021-47939: Evolution CMS allows authenticated users to execute system commands
CVE-2021-47939
Summary
Authenticated users with module creation permissions in Evolution CMS can inject malicious code to execute system commands. This could allow an attacker to gain unauthorized access or disrupt the system. Update to the latest version to fix this issue.
Original title
Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by injecting PHP code into m...
Original description
Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by injecting PHP code into module parameters. Attackers can send POST requests to /manager/index.php with malicious PHP code in the 'post' parameter to create modules that execute arbitrary commands when invoked.
nvd CVSS3.1
8.8
nvd CVSS4.0
8.7
Vulnerability type
CWE-94
Code Injection
Published: 10 May 2026 · Updated: 30 May 2026 · First seen: 10 May 2026