Tag
Evolution CMS version 3.1.6 is vulnerable to remote code execution, where authenticated users with module creation permissions can inject PHP code into module parameters, allowing them to execute arbitrary system commands by sending POST requests to '/manager/index.php' with malicious PHP code in the 'post' parameter to create modules that execute arbitrary commands when invoked, as tracked by CVE-2021-47939.