VYPR

Evolution

by Evolution CMS

Source repositories

CVEs (6)

  • CVE-2021-47939HigMay 10, 2026
    risk 0.57cvss 8.8epss 0.01

    Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by injecting PHP code into module parameters. Attackers can send POST requests to /manager/index.php with…

  • CVE-2007-2090Apr 18, 2007
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in index.php in TuMusika Evolution 1.6 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

  • CVE-2020-23238Jul 26, 2021
    risk 0.00cvss epss 0.01

    Cross Site Scripting (XSS) vulnerability in Evolution CMS 2.0.2 via the Document Manager feature.

  • CVE-2019-14518Aug 15, 2019
    risk 0.00cvss epss 0.01

    Evolution CMS 2.0.x allows XSS via a description and new category location in a template. NOTE: the vendor states that the behavior is consistent with the "access policy in the administration panel.

  • CVE-2018-16637Dec 28, 2018
    risk 0.00cvss epss 0.01

    Evolution CMS 1.4.x allows XSS via the page weblink title parameter to the manager/ URI.

  • CVE-2018-16638Dec 28, 2018
    risk 0.00cvss epss 0.01

    Evolution CMS 1.4.x allows XSS via the manager/ search parameter.