High severity8.8NVD Advisory· Published May 10, 2026· Updated May 12, 2026
CVE-2021-47938
CVE-2021-47938
Description
ImpressCMS 1.4.2 contains a remote code execution vulnerability in the autotasks administrative interface that allows authenticated attackers to execute arbitrary PHP code by injecting malicious code into the sat_code parameter. Attackers can authenticate, submit a POST request to /modules/system/admin.php?fct=autotasks&op=mod with crafted sat_code containing PHP commands, which creates an executable file that accepts arbitrary commands via GET parameters.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: = 1.4.2
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.