CVE-2025-67436

Published
View on NVD ↗
CVSS v3
6.5
MEDIUM
CVSS v2
N/A
Affected
2
PROJECTS

Description

Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file (e.g., home.php).

pluxml/PluXml
pluxml/PluXml
A CMS to create lightweight websites with ease and without database.
GitHubGitHub
231
RajChowdhury240/CVE-2025-67435
RajChowdhury240/CVE-2025-67435
A critical Remote Code Execution (RCE) vulnerability has been identified in PluXML CMS version 5.8.22. This vulnerability allows authenticated administrators to execute arbitrary PHP code on the web server by uploading malicious PHP web shells through the theme editor functionality.
GitHubGitHub
1