CVE-2021-47964
Schlix · Schlix CMS
Schlix CMS 2.2.6-6 contains a code injection vulnerability in the core block manager, allowing an authenticated attacker with low privileges to execute arbitrary code.
Executive summary
A critical code injection vulnerability in Schlix CMS 2.2.6-6 allows low-privileged authenticated attackers to achieve remote code execution.
Vulnerability
This is a Code Injection (CWE-94) vulnerability located in the application's core block manager. It requires an attacker to have authenticated with low privileges to trigger the execution of arbitrary code on the server.
Business impact
With a CVSS score of 8.8, this vulnerability poses a severe threat to the entire server environment. An attacker achieving remote code execution can gain full control over the web server, leading to complete system compromise, lateral movement, and data exfiltration.
Remediation
Immediate Action: Update Schlix CMS to the latest version. If an update is not available, disable the affected block manager functionality.
Proactive Monitoring: Audit server logs for unauthorized process execution, suspicious file modifications, or unexpected outbound network connections.
Compensating Controls: Use a WAF to block requests that contain patterns associated with code injection or attempt to access restricted block manager files.
Exploitation status
Public Exploit Available: Yes — a public exploit is available via ExploitDB (ID 49838).
Analyst recommendation
Due to the high CVSS score and the availability of a public exploit, immediate action is required. Organizations must restrict administrative access and apply patches immediately to prevent unauthorized code execution and full system compromise.