🔍 CVE Alert

CVE-2021-47964

HIGH 8.8

Schlix CMS 2.2.6-6 Remote Code Execution via core.blockmanager

CVSS Score 8.8
EPSS Score 0.0%
EPSS Percentile 0th

Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious extension packages through the block manager. Attackers can upload a crafted ZIP file containing PHP code in the packageinfo.inc file and trigger execution by accessing the About tab of the installed extension.

CWE CWE-94
Vendor schlix
Product schlix cms
Published May 15, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Affected Versions

Schlix / Schlix CMS
2.2.6-6

References

exploit-db.com: https://www.exploit-db.com/exploits/49838
schlix.com: https://www.schlix.com/
schlix.com: https://www.schlix.com/downloads/schlix-cms/schlix-cms-v2.2.6-6.zip
vulncheck.com: https://www.vulncheck.com/advisories/schlix-cms-6-remote-code-execution-via-core-blockmanager

Credits

Eren Saraç