Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.7
CVE-2021-47964: Schlix CMS 2.2.6-6 allows attackers to execute malicious code
CVE-2021-47964
Summary
An attacker with a Schlix CMS account can upload a malicious file that executes their own code. This could allow them to access sensitive data or take control of the website. Update to the latest version of Schlix CMS to fix this issue.
Original title
Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious extension packages through the block manag...
Original description
Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious extension packages through the block manager. Attackers can upload a crafted ZIP file containing PHP code in the packageinfo.inc file and trigger execution by accessing the About tab of the installed extension.
nvd CVSS3.1
8.8
nvd CVSS4.0
8.7
Vulnerability type
CWE-94
Code Injection
Published: 15 May 2026 · Updated: 28 May 2026 · First seen: 15 May 2026