cvedb.io
CVE-2022-45544
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2023-02-07T16:15:08.607 · Last modified 2026-06-17T05:10:23.420

Summary

Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 allows attacker to upload arbitrary files and execute arbitrary code via the tristao parameter. NOTE: this is disputed by the vendor because an admin is intentionally allowed to upload new executable PHP code, such as a theme that was obtained from a trusted source or was developed for their own website. Only an admin can upload such code, not someone else in an "attacker" role.

Affected products

schlix — cms

Does this affect you?

Add your gear to cvedb and we'll alert you only when schlix ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.