PatchSiren cyber security CVE debrief

CVE-2021-47938 Exploit Db CVE debrief

CVE-2021-47938 describes an authenticated remote code execution issue in ImpressCMS 1.4.2 affecting the autotasks administrative interface. According to the supplied record, an attacker with valid access can abuse the sat_code parameter to inject PHP code and cause server-side code execution. The NVD metadata rates the issue HIGH (CVSS 8.7) with network access, low attack complexity, low privileges, no user interaction, and high confidentiality, integrity, and availability impact. Administrators should treat this as a high-priority web application issue because, once an attacker holds an account that can reach the interface, it can lead to full compromise of the affected application environment.

Vendor: Exploit Db
Product: Unknown
CVSS: HIGH 8.7
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-10
Original CVE updated: 2026-05-10
Advisory published: 2026-05-10
Advisory updated: 2026-05-10

Who should care

ImpressCMS administrators, web application security teams, and organizations that expose the ImpressCMS admin interface or delegate administrative accounts should review this immediately. It is especially relevant where the autotasks administrative function is reachable from networks used by admins or third parties.

Technical summary

The supplied NVD record indicates a code-injection flaw (CWE-94) in ImpressCMS 1.4.2's autotasks administrative interface. An authenticated attacker can submit crafted input through the sat_code parameter in the autotasks modification flow and trigger arbitrary PHP execution on the server. The provided CVSS v4.0 vector reflects network exploitation with low privileges and no user interaction, and the impact is rated high across confidentiality, integrity, and availability.

Defensive priority

High. This is an authenticated RCE with severe impact potential and should be prioritized for remediation, access restriction, and monitoring.

Recommended defensive actions

  • Check whether your environment uses ImpressCMS 1.4.2 and the autotasks administrative interface.
  • Apply vendor remediation or upgrade guidance from ImpressCMS as soon as an affected release is identified.
  • Restrict access to ImpressCMS administrative interfaces to trusted administrative networks or VPN-only paths.
  • Review administrative account inventory and remove any stale or unnecessary privileged users.
  • Monitor for suspicious POST activity involving the autotasks admin endpoint and investigate unexpected PHP file creation in the web root or related writable directories.
  • Inspect web server and application logs for anomalous admin actions around the autotasks feature and review for signs of unauthorized code execution.
  • Use the official ImpressCMS download and project pages to confirm patched releases before returning affected systems to service.
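The monitoring items above can be turned into a small log triage script. The following is an added example, not code from PatchSiren, ImpressCMS, or the NVD record: it parses web server access logs in combined log format, flags every POST to the autotasks admin function (the request where sat_code would be submitted), raises the priority when the source is outside a trusted admin range, no authenticated user is recorded, or the user agent is not a browser, and then checks whether any PHP file appeared under the web root that was not in a known-good baseline and whether that file was subsequently requested. The admin URL, the trusted network range, the baseline file list, and all log lines are constructed assumptions; the advisory does not give the real autotasks endpoint path, so the script matches on the substring "autotasks" in the request URI.

```python
import re

# Combined log format: host ident user [time] "method uri proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<ref>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample traffic (not real logs). The admin path is a placeholder,
# since the advisory does not state the real ImpressCMS autotasks URL.
SAMPLE_LOG = """\
10.0.0.5 - admin [11/May/2026:08:01:10 +0000] "GET /modules/system/admin.php?fct=autotasks HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.5 - admin [11/May/2026:08:01:42 +0000] "POST /modules/system/admin.php?fct=autotasks&op=edit HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.23 - admin [11/May/2026:23:14:05 +0000] "POST /modules/system/admin.php?fct=autotasks&op=edit HTTP/1.1" 302 0 "-" "python-requests/2.31"
198.51.100.23 - - [11/May/2026:23:14:09 +0000] "GET /uploads/cache/x.php HTTP/1.1" 200 84 "-" "python-requests/2.31"
203.0.113.7 - - [11/May/2026:23:20:00 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

# Assumption: legitimate admin sessions originate from this prefix only.
TRUSTED_ADMIN_NETS = ("10.0.0.",)

# Constructed baseline of PHP files known to belong to the install, and the
# current listing of the web root (relative paths) taken during investigation.
BASELINE_FILES = {"index.php", "modules/system/admin.php"}
CURRENT_FILES = BASELINE_FILES | {"uploads/cache/x.php", "uploads/cache/img.png"}


def parse_line(line):
    """Parse one combined-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_trusted(ip):
    return any(ip.startswith(prefix) for prefix in TRUSTED_ADMIN_NETS)


def find_autotasks_posts(log_text):
    """Return an alert per POST to the autotasks admin function.

    Every such POST deserves review because it is the request that carries
    sat_code; additional indicators escalate the alert to 'high'.
    """
    alerts = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if not rec or rec["method"] != "POST" or "autotasks" not in rec["uri"].lower():
            continue
        reasons = []
        if not is_trusted(rec["ip"]):
            reasons.append("source outside trusted admin range")
        if rec["user"] == "-":
            reasons.append("no authenticated user recorded")
        if not rec["ua"].startswith("Mozilla"):
            reasons.append("non-browser user agent")
        alerts.append({
            "ts": rec["ts"], "ip": rec["ip"], "user": rec["user"], "uri": rec["uri"],
            "severity": "high" if reasons else "review", "reasons": reasons,
        })
    return alerts


def new_php_files(baseline, current):
    """PHP files present in the current web root listing but absent from the baseline."""
    return sorted(p for p in current - baseline if p.lower().endswith(".php"))


def requests_for_new_files(log_text, new_files):
    """Requests that fetched a newly created PHP file: a strong sign injected code ran."""
    targets = {"/" + f for f in new_files}
    hits = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec and rec["uri"].split("?")[0] in targets:
            hits.append((rec["ip"], rec["uri"], rec["status"]))
    return hits


if __name__ == "__main__":
    for a in find_autotasks_posts(SAMPLE_LOG):
        print(f"[{a['severity']}] {a['ts']} {a['ip']} user={a['user']} {a['uri']} {a['reasons']}")
    created = new_php_files(BASELINE_FILES, CURRENT_FILES)
    print("new PHP files:", created)
    print("requests to new PHP files:", requests_for_new_files(SAMPLE_LOG, created))
```

In the constructed sample, the first POST comes from the trusted range with a browser agent and is only marked for review, while the second comes from an external address with a scripted client and is escalated; the new file under uploads/cache is then seen being fetched by the same external address, which is the correlation an incident responder would look for. In production, the baseline should come from a package manifest or a filesystem snapshot taken before the window under investigation, and the trusted range from the organization's actual admin network.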

Evidence notes

This debrief is based only on the supplied CVE/NVD corpus and the listed references. The official NVD metadata marks the issue as received and provides the CVSS v4.0 vector and the CWE-94 classification. NVD references an Exploit-DB entry, the ImpressCMS site and downloads page, and a VulnCheck advisory. No KEV entry was supplied.

Official resources

Supplied CVE timeline dates show publication and modification on 2026-05-10T13:16:30.100Z. The NVD record references external disclosure material from Exploit-DB and VulnCheck, and no KEV date was provided in the supplied data.