Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 allows attacker to upload arbitrary files and execute arbitrary code via the tristao parameter. NOTE: this is disputed by the vendor because an admin is intentionally allowed to upload new executable PHP code, such as a theme that was obtained from a trusted source or was developed for their own website. Only an admin can upload such code, not someone else in an "attacker" role.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-02-07T00:00:00

Updated: 2024-08-03T14:17:03.786Z

Reserved: 2022-11-21T00:00:00

Link: CVE-2022-45544

cve-icon Vulnrichment

Updated: 2024-08-03T14:17:03.786Z

cve-icon NVD

Status : Modified

Published: 2023-02-07T16:15:08.607

Modified: 2024-11-21T07:29:25.777

Link: CVE-2022-45544

cve-icon Redhat

No data.