Published: 07/02/2023 Updated: 11/04/2024

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 0

Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 allows malicious user to upload arbitrary files and execute arbitrary code via the tristao parameter. NOTE: this is disputed by the vendor because an admin is intentionally allowed to upload new executable PHP code, such as a theme that was obtained from a trusted source or was developed for their own website. Only an admin can upload such code, not someone else in an "attacker" role.

Vulnerable Product	Search on Vulmon	Subscribe to Product
schlix cms 2.2.7-2

SCHLIX CMS 2.2.7-2 arbitrary File Upload

CVE-2022-45544 SCHLIX CMS 227-2 arbitrary File Upload #Title:Schlix CMS 227-2 | Arbitrary File Upload Remote following Code Execution (Authenticated) #Date: 2022-11-09 #Author: Francisco Marinho #Vendor Homepage: wwwschlixcom/ #Software link:wwwschlixcom/downloads/schlix-cms/schlix-cms-v227-2zip #Version: 227-2 #Tested on: Linux ===================

CWE-863 https://www.schlix.com/downloads/schlix-cms/schlix-cms-v2.2.7-2.zip https://blog.tristaomarinho.com/schlix-cms-2-2-7-2-arbitrary-file-upload/https://github.com/tristao-marinho/CVE-2022-45544/blob/main/README.md https://www.schlix.com/https://nvd.nist.gov https://github.com/tristao-marinho/CVE-2022-45544

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-45544

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect