Vendor
Schlix CMS 2.2.6-6 contains a remote code execution vulnerability, tracked as CVE-2021-47964, allowing authenticated attackers to execute arbitrary PHP code by uploading malicious extension packages through the block manager and triggering execution by accessing the 'About' tab.