CVE-2021-47939
Evo · Evolution CMS
Evolution CMS 3.1.6 contains a code injection vulnerability that allows an authenticated attacker to execute arbitrary code during module creation.
Executive summary
An authenticated code injection vulnerability in Evolution CMS 3.1.6 allows attackers to achieve remote code execution.
Vulnerability
This vulnerability (CWE-94) is triggered during the module creation process. It requires the attacker to hold low-level privileges (PR:L), after which they can inject and execute arbitrary code.
Business impact
Successful exploitation provides the attacker with a foothold to execute code on the underlying server, which can lead to total system compromise. With a CVSS score of 8.8, this flaw represents a significant risk to the integrity and security of the hosting environment.
Remediation
Immediate Action: Apply the latest security patches provided by the Evolution CMS project. Ensure that administrative module creation is restricted to authorized, trusted personnel only.
Proactive Monitoring: Review audit logs for unusual module creation activities or modifications to system files that do not align with expected administrative tasks.
Compensating Controls: Apply WAF rules to block malicious payloads within administrative forms and module creation requests.
Exploitation status
Public Exploit Available: Yes — an entry exists on ExploitDB.
Analyst recommendation
Given the potential for complete system compromise, organizations should prioritize updating their Evolution CMS instances to the latest patched version. Restricting administrative access is a vital interim measure to reduce the attack surface.