CVE-2025-67436

Опубликовано: 22 дек. 2025

Источник: debian

Описание

Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file (e.g., home.php).

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
pluxml	removed			package

Связанные уязвимости

CVE-2025-67436

CVSS3: 6.5

ubuntu

около 2 месяцев назад

Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file (e.g., home.php).

CVE-2025-67436

CVSS3: 6.5

nvd

около 2 месяцев назад

Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file (e.g., home.php).

GHSA-9gf5-28vp-q243

CVSS3: 6.5

github

около 2 месяцев назад

Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file (e.g., home.php).