Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Mon, 18 May 2026 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 15 May 2026 19:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious extension packages through the block manager. Attackers can upload a crafted ZIP file containing PHP code in the packageinfo.inc file and trigger execution by accessing the About tab of the installed extension. | |
| Title | Schlix CMS 2.2.6-6 Remote Code Execution via core.blockmanager | |
| First Time appeared |
Schlix
Schlix cms |
|
| Weaknesses | CWE-94 | |
| CPEs | cpe:2.3:a:schlix:cms:2.1.8-7:*:*:*:*:*:*:* cpe:2.3:a:schlix:cms:2.2.1-3:*:*:*:*:*:*:* cpe:2.3:a:schlix:cms:2.2.7-2:*:*:*:*:*:*:* cpe:2.3:a:schlix:cms:2.2.8-1:*:*:*:*:*:*:* |
|
| Vendors & Products |
Schlix
Schlix cms |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-05-18T16:02:50.199Z
Reserved: 2026-05-15T16:30:56.473Z
Link: CVE-2021-47964
Updated: 2026-05-18T16:02:45.440Z
Status : Deferred
Published: 2026-05-15T19:16:56.030
Modified: 2026-06-17T04:18:50.520
Link: CVE-2021-47964
No data.
OpenCVE Enrichment
Updated: 2026-05-15T20:30:06Z