Cms

Schlix CMS 2.2.6-6 contains a remote code execution vulnerability, tracked as CVE-2021-47964, allowing authenticated attackers to execute arbitrary PHP code by uploading malicious extension packages through the block manager and triggering execution by accessing the 'About' tab.

A server-side template injection (SSTI) vulnerability exists in Kirby CMS within the option rendering feature due to double template resolution in option fields (checkboxes, color, multiselect, select, radio, tags, or toggles) when using options from a query or API with untrusted values, potentially allowing attackers to inject malicious queries.