RajChowdhury240/CVE-2025-67435

Releases0

Stars1

A critical Remote Code Execution (RCE) vulnerability has been identified in PluXML CMS version 5.8.22. This vulnerability allows authenticated administrators to execute arbitrary PHP code on the web server by uploading malicious PHP web shells through the theme editor functionality.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-67436 ↗	Dec 22, 2025Monday, 22 December 2025, 22:16	6.5 MEDIUM	—
Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file (e.g., home.php).