CVE-2025-67436

Medium CVSS: 6.5

Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file (e.g., home.php).

Vendor

Pluxml

Product

Pluxml

CWE

CWE-77

Yayın Tarihi

2025-12-22 22:16:08

Güncelleme

2026-01-02 16:58:24

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-77 Pluxml MEDIUM Pluxml 2025

Referanslar

https://github.com/RajChowdhury240/CVE-2025-67435/ https://github.com/pluxml/PluXml

Benzer Kayıtlar

Medium

CVE-2025-70128

A Stored Cross-Site Scripting (XSS) vulnerability exists in the PluXml article comments feature for PluXml versions 5.8.…

Medium

CVE-2025-70129

If the anti spam-captcha functionality in PluXml versions 5.8.22 and earlier is enabled, a captcha challenge is generate…

Medium

CVE-2026-24351

PluXml CMS is vulnerable to Stored XSS in Static Pages editing functionality. Attacker with editing privileges can injec…

Medium

CVE-2026-24352

PluXml CMS allows a user's session identifier to be set before authentication. The value of this session ID stays the sa…

Medium

CVE-2026-24350

PluXml CMS is vulnerable to Stored XSS in file uploading functionality. An authenticated attacker can upload an SVG file…

Medium

CVE-2025-15438

A vulnerability was determined in PluXml up to 5.8.22. Affected is the function FileCookieJar::__destruct of the file co…