Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 allows attacker to upload arbitrary files and execute arbitrary code via the tristao parameter. NOTE: this is disputed by the vendor because an admin is intentionally allowed to upload new executable PHP code, such as a theme that was obtained from a trusted source or was developed for their own website. Only an admin can upload such code, not someone else in an "attacker" role.
- https://blog.tristaomarinho.com/schlix-cms-2-2-7-2-arbitrary-file-upload/
- https://github.com/tristao-marinho/CVE-2022-45544/blob/main/README.md
- https://github.com/k0mi-tg/CVE-POC
- https://github.com/manas3c/CVE-POC
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/tristao-io/CVE-2022-45544
- https://github.com/tristao-marinho/CVE-2022-45544
- https://github.com/whoforget/CVE-POC
- https://github.com/youwizard/CVE-POC