CVE-2025-67436

Опубликовано: 22 дек. 2025

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file (e.g., home.php).

Ссылки

https://github.com/RajChowdhury240/CVE-2025-67435/
Exploit
Third Party Advisory
https://github.com/pluxml/PluXml
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pluxml:pluxml:5.8.22:*:*:*:*:*:*:*

EPSS

Процентиль: 37%

0.00161

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-77

Связанные уязвимости

CVE-2025-67436

CVSS3: 6.5

ubuntu

4 месяца назад

Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file (e.g., home.php).

CVE-2025-67436

CVSS3: 6.5

debian

4 месяца назад

Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows ...

GHSA-9gf5-28vp-q243

CVSS3: 6.5

github

4 месяца назад

Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file (e.g., home.php).

EPSS

Процентиль: 37%

0.00161

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-77