HIGH
Schlix
CVE published 2026-05-15
CVE-2021-47964
CVE-2021-47964 describes an authenticated remote code execution flaw in Schlix CMS extension handling. The reported attack path uses the block manager to upload a crafted extension package, then triggers PHP code execution when the installed extension’s About tab is accessed. Because the issue enables arbitrary PHP execution with authenticated access, it should be treated as a high-risk administrative com [truncated]