CVE-2023-31505

Name of the Vulnerable Software and Affected Versions Schlix CMS version 2.2.8-1

Description The issue is related to an arbitrary file upload vulnerability in the core.mediamanager component of Schlix CMS, which allows remote authenticated attackers to execute arbitrary code and obtain sensitive information via a crafted .phtml file. This vulnerability may allow a remote attacker to perform remote code execution on the server. As of now, there is no official fix or patch available to address this flaw.

Recommendations For Schlix CMS version 2.2.8-1, as a temporary workaround, consider disabling the file upload functionality until a patch is available. Restrict access to the core.mediamanager component to minimize the risk of exploitation. Avoid using the file upload feature in the affected version until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.