PT-2019-12143 · Schlix · Schlix Cms
Published 2019-10-24 · Updated 2024-08-04 · CVE-2019-11021
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Schlix CMS version 2.1.8-7
Description
The issue allows an authenticated user to upload arbitrary files without restriction, leading to remote code execution. The upload is reachable through the admin/app/mediamanager endpoint. Exploitation requires admin permission, so an administrator is unlikely to exploit it against their own site; the practical risk comes from a compromised or misused admin account.
Recommendations
For Schlix CMS version 2.1.8-7, consider restricting access to the admin/app/mediamanager endpoint until a fix is available, and ensure that admin permissions are tightly controlled to minimize the risk of exploitation.
Fix
Unrestricted File Upload
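The advisory names the bug class (unrestricted file upload reaching a web-accessible media directory) but not Schlix's handler. The following is an added example of the kind of check that closes this class of issue in a PHP media manager; it is not Schlix CMS code and not taken from the advisory. It assumes a handler receiving one entry of $_FILES, an allowlist of media types and a media directory that the web server serves only as static content; the function and constant names, the type list and the size limit are all assumptions chosen for illustration.

```php
<?php
// Added example (not Schlix CMS code): accept a media upload only when its
// extension is on an allowlist, its content matches that extension, and the
// stored filename is chosen by the server rather than the client.
// Assumed: $_FILES-style input; $mediaDir is served as static content only.

const ALLOWED_TYPES = [
    // extension => MIME type that must be detected from the file content
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
    'pdf'  => 'application/pdf',
];
const MAX_UPLOAD_BYTES = 10 * 1024 * 1024; // assumed limit

/**
 * Returns ['ok' => true, 'path' => ...] on success,
 * or ['ok' => false, 'reason' => ...] when the upload is rejected.
 */
function store_media_upload(array $file, string $mediaDir): array
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return ['ok' => false, 'reason' => 'upload failed or missing'];
    }
    if (($file['size'] ?? 0) > MAX_UPLOAD_BYTES) {
        return ['ok' => false, 'reason' => 'file too large'];
    }

    // Only the final extension of the basename is considered, lower-cased.
    // A client name like "image.php.jpg" yields "jpg"; the client's full
    // name is never used to build the stored path.
    $ext = strtolower(pathinfo(basename($file['name'] ?? ''), PATHINFO_EXTENSION));
    if (!isset(ALLOWED_TYPES[$ext])) {
        return ['ok' => false, 'reason' => 'extension not allowed'];
    }

    // Inspect the content; $file['type'] is client-supplied and untrusted.
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($detected !== ALLOWED_TYPES[$ext]) {
        return ['ok' => false, 'reason' => 'content does not match extension'];
    }

    // Server-generated name: no user input reaches the filesystem path.
    $storedName = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($mediaDir, '/') . '/' . $storedName;

    if (!is_uploaded_file($file['tmp_name'])
        || !move_uploaded_file($file['tmp_name'], $dest)) {
        return ['ok' => false, 'reason' => 'could not store file'];
    }
    chmod($dest, 0644); // readable by the web server, never executable
    return ['ok' => true, 'path' => $dest];
}

// Example call from a handler: $result = store_media_upload($_FILES['file'], '/srv/media');
```

The content check is a signal, not a guarantee, since magic bytes can be placed in front of other data; the controls that actually remove the code-execution outcome are the server-chosen filename with an allowlisted extension and a media directory that the web server never hands to a script interpreter. Pairing this with the advisory's recommendation, restricting who can reach admin/app/mediamanager at all, limits the exposure to the admin accounts the description already identifies as the relevant threat.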
Weakness Enumeration
Related Identifiers
Affected Products
Schlix Cms