CVE-2026-30993 | THREATINT

Description

Slah CMS v1.5.0 and below was discovered to contain a remote code execution (RCE) vulnerability in the session() function at config.php. This vulnerability is exploitable via a crafted input.

PUBLISHED Reserved 2026-03-09 | Published 2026-04-15 | Updated 2026-04-16 | Assigner mitre

References

cve.joaopaulodeoliveira.dev/...nformatica-eval-injection-rce

cve.joaopaulodeoliveira.dev/cve.php/published/CVE-2026-30993

cve.org (CVE-2026-30993)

nvd.nist.gov (CVE-2026-30993)

Download JSON