CVE-2026-30993 - Slah Informática CMS Remote Code Execution

Vulnerability Summary

Vulnerability Overview

- Vulnerability Name: Slah Informática CMS Remote Code Execution (RCE)
- CVE ID: CVE-2026-30993
- Severity Level: 9.8 Critical (CVSS v3.1)
- Root Cause: Located in the function within . This function accepts key-value pairs and, when provided with a specific hardcoded key, directly executes the passed value via without validation, leading to arbitrary code execution.
- Exploitation Method: An attacker can inject PHP code (e.g., or functions) through the parameter at the login endpoint, thereby executing arbitrary system commands on the server.

Affected Scope

- Affected Software: Slah CMS
- Affected Versions: All versions up to and including 1.5.0
- Technology Stack: PHP
- Primary Users: Institutional website administrators within Brazilian government infrastructure (gov.br)

Remediation

- Primary Solution: Upgrade to the latest patched version released by the vendor.
- Technical Recommendation: Avoid using for processing dynamic logic. Use secure statements or whitelist-based mapping to ensure user input is not executed as code.

Proof of Concept (POC) Code

1. Basic Exploit Command (Retrieve System Information)
2. Automated Exploit Script (Read /etc/passwd)
3. Automated Exploit Script (Get User ID)
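
The whitelist-based mapping named in the Technical Recommendation, as an added example that is not Slah CMS code or the vendor's patch: each accepted key maps to a fixed handler, the value is only ever validated as data, and unknown keys are rejected. The keys, handler names and sample inputs are hypothetical and constructed for illustration; PHP 8.0 or later is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical handlers: names and keys are assumptions, not Slah CMS identifiers.
function setLanguage(string $value): string
{
    // The value is compared against a fixed set and never interpreted.
    if (!in_array($value, ['pt-BR', 'en', 'es'], true)) {
        throw new InvalidArgumentException('unsupported language');
    }
    return "language={$value}";
}

function setPageSize(string $value): string
{
    // Anchored pattern: digits only, no trailing newline accepted.
    if (preg_match('/\A[0-9]{1,3}\z/', $value) !== 1 || (int)$value < 1 || (int)$value > 100) {
        throw new InvalidArgumentException('page size out of range');
    }
    return 'page_size=' . (int)$value;
}

// Allowlist dispatch: the key selects code written by the developer,
// the value is passed along as a plain string argument.
function dispatch(string $key, string $value): string
{
    return match ($key) {
        'lang'      => setLanguage($value),
        'page_size' => setPageSize($value),
        default     => throw new InvalidArgumentException("unknown key: {$key}"),
    };
}

// Constructed sample input: two valid pairs, one unknown key, one malformed value.
$pairs = [
    ['lang', 'pt-BR'],
    ['page_size', '25'],
    ['debug', 'echo 1;'],
    ['lang', 'en; echo 1;'],
];

foreach ($pairs as [$key, $value]) {
    try {
        echo 'accepted: ', dispatch($key, $value), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

The last two pairs are rejected because no code path treats a request value as anything other than a string to validate.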