CVEFinder.io

CVE-2021-47964

⚠️ high
πŸ” Scan for this CVE
Summary

Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious extension packages through the block manager. Attackers can upload a crafted ZIP file containing PHP code in the packageinfo.inc file and trigger execution by accessing the About tab of the installed extension.

CVSS Score
8.8
High
EPSS Score
0.3
Exploit Probability
Published Date
2026-05-15
First Seen: 2026-05-17
πŸ“Š Relative Risk Intelligence

This CVE is High Risk - more severe than 81.1% of all 328,009 vulnerabilities in our database.

#62,016
Top 25% most severe
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 18, 2026
πŸ” Exploitation Status
Poc
Proof-of-concept available
βš™οΈ Automatable
NO
Requires human interaction
πŸ’₯ Technical Impact
Total
Complete system compromise possible
πŸ† Discovered By
Eren Saraç
SSVC data provided by CISA
Last Modified 2026-05-18
Source NVD πŸ”—
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS Vector 4.0 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE IDs (Weakness Types)
CWE-94

πŸ“¦ Affected Products 0

No affected products information available

πŸ”— References 4

https://www.exploit-db.com/exploits/49838
https://www.schlix.com/
https://www.schlix.com/downloads/schlix-cms/schlix-c...
https://www.vulncheck.com/advisories/schlix-cms-6-re...