7 matches found
CVE-2022-45544
Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 allows attacker to upload arbitrary files and execute arbitrary code via the tristao parameter. NOTE: this is disputed by the vendor because an admin is intentionally allowed to upload new executable PHP code, such as a theme...
CVE-2022-45544
Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 allows attacker to upload arbitrary files and execute arbitrary code via the tristao parameter. NOTE: this is disputed by the vendor because an admin is intentionally allowed to upload new executable PHP code, such as a theme...
Design/Logic Flaw
DISPUTED Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 allows attacker to upload arbitrary files and execute arbitrary code via the tristao parameter. NOTE: this is disputed by the vendor because an admin is intentionally allowed to upload new executable PHP code, such as...
CVE-2022-45544
Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 allows attacker to upload arbitrary files and execute arbitrary code via the tristao parameter. NOTE: this is disputed by the vendor because an admin is intentionally allowed to upload new executable PHP code, such as a theme...
CVE-2022-45544
Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 allows attacker to upload arbitrary files and execute arbitrary code via the tristao parameter. NOTE: this is disputed by the vendor because an admin is intentionally allowed to upload new executable PHP code, such as a theme...
Schlix CMS 安全漏洞
Schlix CMS is an open source content management system CMS based on PHP and MySQL. A security vulnerability exists in Schlix CMS version 2.2.7-2. An attacker can exploit the vulnerability to upload arbitrary files and execute arbitrary code via the tristao parameter...
PT-2023-14700 · Schlix Web · Schlix Cms
Name of the Vulnerable Software and Affected Versions: Schlix Web Inc SCHLIX CMS version 2.2.7-2 Description: The issue allows an attacker to upload arbitrary files and execute arbitrary code via the tristao parameter. However, it is noted that this functionality is intentionally allowed for admi...