CVE-2025-67436

Опубликовано: 22 дек. 2025

Источник: debian

EPSS Низкий

Описание

Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file (e.g., home.php).

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
pluxml	removed			package

EPSS

Процентиль: 37%

0.00161

Низкий

Связанные уязвимости

CVE-2025-67436

CVSS3: 6.5

ubuntu

4 месяца назад

Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file (e.g., home.php).

CVE-2025-67436

CVSS3: 6.5

nvd

4 месяца назад

Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file (e.g., home.php).

GHSA-9gf5-28vp-q243

CVSS3: 6.5

github

4 месяца назад

Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file (e.g., home.php).

EPSS

Процентиль: 37%

0.00161

Низкий