CVE-2021-47939
HIGH NVDCVSS Score
8.8
Severity
HIGH
Source
NVD
Published
May 10, 2026
Description
Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by injecting PHP code into module parameters. Attackers can send POST requests to /manager/index.php with malicious PHP code in the 'post' parameter to create modules that execute arbitrary commands when invoked.