Back

Critical Remote Code Execution Vulnerability in Evolution CMS Disclosed

Severity: High (Score: 67.5)

Sources: db.gcve.eu, vuldb.com, www.redpacketsecurity.com, cve.report, Feedly

Summary

A remote code execution vulnerability (CVE-2021-47939) has been identified in Evolution CMS 3.1.6, allowing authenticated users with module creation permissions to execute arbitrary system commands. The vulnerability is exploited by sending POST requests to /manager/index.php with malicious PHP code in the 'post' parameter. Currently, there is no evidence of public exploitation or a proof-of-concept available. Affected users include those with module creation permissions, and the CVSS base score assigned is 8.8, indicating a high severity. No patches have been released as of now, and security experts recommend restricting module creation permissions and implementing input validation. The vulnerability was published on May 10, 2026, alongside another CVE for a different CMS (CVE-2021-47938). Key Points: • CVE-2021-47939 allows remote code execution in Evolution CMS 3.1.6. • Attackers can exploit the vulnerability via crafted POST requests to /manager/index.php. • No patches are available; immediate action is recommended to restrict permissions.

Key Entities

  • Zero-day Exploit (attack_type)
  • CVE-2021-47938 (cve)
  • CVE-2021-47939 (cve)
  • CWE-78 - OS Command Injection (cwe)
  • CWE-94 - Code Injection (cwe)
  • T1059.004 - Unix Shell (mitre_attack)
  • T1059 - Command and Scripting Interpreter (mitre_attack)
  • T1505.003 - Web Shell (mitre_attack)
  • Evolution CMS (platform)
  • ImpressCMS (platform)
  • Evolution CMS 3.1.6 PHP Code Injection In Module Parameters (vulnerability)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed