Lucene search
K

4 matches found

CVE
CVE
added 2019/10/24 3:26 p.m.81 views

CVE-2019-11021

CVE-2019-11021 affects Schlix CMS 2.1.8-7; the issue resides in admin/app/mediamanager, allowing Authenticated Unrestricted File Upload and resulting in remote code execution. Red Hat and CNVD entries corroborate that an admin-permission requirement exists, implying limited exploitation likelihoo...

7.2CVSS7.3AI score0.02236EPSS
CVE
CVE
added 2024/01/31 12:0 a.m.47 views

CVE-2023-31505

CVE-2023-31505 affects Schlix CMS v2.2.8-1, specifically the core.mediamanager component. A crafted .phtml file enables an authenticated remote attacker to upload arbitrary files and execute code, potentially exposing sensitive information. The Red Hat/other sources confirm the vulnerability exis...

7.2CVSS7AI score0.01158EPSS
CVE
CVE
added 2023/02/07 12:0 a.m.45 views

CVE-2022-45544

Schlix CMS 2.2.7-2 contains an insecure permission flaw that allows an attacker to upload arbitrary files and execute arbitrary code via the tristao parameter. The vendor disputes that this is a generic vulnerability, arguing only admins should be able to upload executable PHP code. Public report...

8.8CVSS8.9AI score0.01322EPSS
CVE
CVE
added 2025/12/22 12:0 a.m.14 views

CVE-2025-67443

Schlix CMS before v2.2.9-5 is affected by a Cross Site Scripting (XSS) vulnerability due to missing JavaScript sanitization in the login form, causing incorrect login attempts to be logged as XSS in the admin panel. The connected sources confirm the affected version and the root cause without det...

6.1CVSS5.5AI score0.00158EPSS