4 matches found
CVE-2019-11021
CVE-2019-11021 affects Schlix CMS 2.1.8-7; the issue resides in admin/app/mediamanager, allowing Authenticated Unrestricted File Upload and resulting in remote code execution. Red Hat and CNVD entries corroborate that an admin-permission requirement exists, implying limited exploitation likelihoo...
CVE-2023-31505
CVE-2023-31505 affects Schlix CMS v2.2.8-1, specifically the core.mediamanager component. A crafted .phtml file enables an authenticated remote attacker to upload arbitrary files and execute code, potentially exposing sensitive information. The Red Hat/other sources confirm the vulnerability exis...
CVE-2022-45544
Schlix CMS 2.2.7-2 contains an insecure permission flaw that allows an attacker to upload arbitrary files and execute arbitrary code via the tristao parameter. The vendor disputes that this is a generic vulnerability, arguing only admins should be able to upload executable PHP code. Public report...
CVE-2025-67443
Schlix CMS before v2.2.9-5 is affected by a Cross Site Scripting (XSS) vulnerability due to missing JavaScript sanitization in the login form, causing incorrect login attempts to be logged as XSS in the admin panel. The connected sources confirm the affected version and the root cause without det...