evolution-cms/evolution

evolution-cms/evolution

Releases71

Frequency1 month 2 weeks

Last Release 2 months ago

Stars257

Welcome to the Evolution CMS. The world’s fastest, most customizable Open Source PHP CMS. Your creative vision, no restrictions, no compromise.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2021-47939 ↗	May 10, 2026Sunday, 10 May 2026, 13:16	8.8 HIGH	—
Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by injecting PHP code into module parameters. Attackers can send POST requests to /manager/index.php with malicious PHP code in the 'post' parameter to create modules that execute arbitrary commands when invoked.
CVE-2020-23238 ↗	Jul 26, 2021Monday, 26 July 2021, 20:15	5.4 MEDIUM	3.5 LOW
Cross Site Scripting (XSS) vulnerability in Evolution CMS 2.0.2 via the Document Manager feature.
CVE-2019-14518 ↗	Aug 15, 2019Thursday, 15 August 2019, 16:15	—	3.5 LOW
Evolution CMS 2.0.x allows XSS via a description and new category location in a template. NOTE: the vendor states that the behavior is consistent with the "access policy in the administration panel.