CVE-2021-47939

Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by injecting PHP code into module parameters. Attackers can send POST requests to /manager/index.php with malicious PHP code in...

CVE-2021-47939

Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by injecting PHP code into module parameters. Attackers can send POST requests to /manager/index.php with malicious PHP code in...

CVE-2021-47939 Evolution CMS 3.1.6 Authenticated Remote Code Execution via Module Creation

Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by injecting PHP code into module parameters. Attackers can send POST requests to /manager/index.php with malicious PHP code in...

CVE-2021-47939 Evolution CMS 3.1.6 Authenticated Remote Code Execution via Module Creation

Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by injecting PHP code into module parameters. Attackers can send POST requests to /manager/index.php with malicious PHP code in...

Evolution CMS 代码注入漏洞

Evolution CMS is an open-source content management system based on PHP, developed by Evolution CMS. Version 3.1.6 of Evolution CMS has a code injection vulnerability. This vulnerability stems from a remote code execution flaw, allowing authenticated users with module creation permissions to execu...

PT-2026-39514

Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by injecting PHP code into module parameters. Attackers can send POST requests to /manager/index.php with malicious PHP code in...

EUVD-2020-15990

Malware in sbrugna...

EUVD-2006-5075

Malware in sbrugna...

EUVD-2022-3180

Malicious code in bioql PyPI...

EUVD-2022-3414

Malicious code in bioql PyPI...

CVE-2020-23238

Cross Site Scripting XSS vulnerability in Evolution CMS 2.0.2 via the Document Manager feature...

CVE-2019-14518

Evolution CMS 2.0.x allows XSS via a description and new category location in a template. NOTE: the vendor states that the behavior is consistent with the "access policy in the administration panel...

Evolution CMS Cross-Site Scripting Vulnerability (CNVD-2023-85602)

Evolution CMS is an open source PHP-based content management system CMS. Evolution CMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the uid parameter, which can be exploited by an attacker to execute...

Evolution CMS Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in evolution v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the cmsadmin, cmsadminemail, cmspassword and cmspasswordconfim parameters...

GHSA-432F-967F-VXG4 Evolution CMS Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in evolution v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the cmsadmin, cmsadminemail, cmspassword and cmspasswordconfim parameters...

Evolution CMS Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in evolution evo v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected uid parameter...

GHSA-5H47-9RM5-FX3F Evolution CMS Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in evolution evo v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected uid parameter...

Evolution CMS Cross-Site Scripting Vulnerability

Evolution CMS is an open source PHP-based content management system CMS. A security vulnerability exists in Evolution CMS version v.3.2.3, which stems from a cross-site scripting XSS vulnerability in several parameters such as cmsadmin, cmsadminmail, and others...

Evolution CMS Stored Cross-site Scripting (XSS)

Evolution CMS 1.4.x prior to 1.4.6 allows XSS via the page weblink title parameter to the manager/ URI...

GHSA-9MFC-GR8C-XJ4M Evolution CMS Cross-site Scripting (XSS)

Evolution CMS 1.4.x prior to 1.4.6 allows XSS via the manager/ search parameter...