Vulnerability Description
Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 allows attacker to upload arbitrary files and execute arbitrary code via the tristao parameter. NOTE: this is disputed by the vendor because an admin is intentionally allowed to upload new executable PHP code, such as a theme that was obtained from a trusted source or was developed for their own website. Only an admin can upload such code, not someone else in an "attacker" role.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schlix | Cms | 2.2.7-2 |
Related Weaknesses (CWE)
References
- https://blog.tristaomarinho.com/schlix-cms-2-2-7-2-arbitrary-file-upload/Broken Link
- https://github.com/tristao-marinho/CVE-2022-45544/blob/main/README.mdExploitThird Party Advisory
- https://www.schlix.com/Product
- https://www.schlix.com/downloads/schlix-cms/schlix-cms-v2.2.7-2.zipProduct
- https://blog.tristaomarinho.com/schlix-cms-2-2-7-2-arbitrary-file-upload/Broken Link
- https://github.com/tristao-marinho/CVE-2022-45544/blob/main/README.mdExploitThird Party Advisory
- https://www.schlix.com/Product
- https://www.schlix.com/downloads/schlix-cms/schlix-cms-v2.2.7-2.zipProduct
FAQ
What is CVE-2022-45544?
CVE-2022-45544 is a vulnerability with a CVSS score of 8.8 (HIGH). Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 allows attacker to upload arbitrary files and execute arbitrary code via the tristao parameter. NOTE: this is disputed by the ven...
How severe is CVE-2022-45544?
CVE-2022-45544 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-45544?
Check the references section above for vendor advisories and patch information. Affected products include: Schlix Cms.