High severity8.8NVD Advisory· Published May 10, 2026· Updated May 12, 2026
CVE-2021-47939
CVE-2021-47939
Description
Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by injecting PHP code into module parameters. Attackers can send POST requests to /manager/index.php with malicious PHP code in the 'post' parameter to create modules that execute arbitrary commands when invoked.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: = 3.1.6
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.