CNNVD-202510-2414 Information

CNNVD ID

CNNVD-202510-2414

Related CVE

CVE-2025-57567

• CNNVD Published: 2025-10-17

Description (Chinese)

PluXml是PluXml开源的一个免费的开源内容管理系统，不需要数据库即可工作。 PluXml存在安全漏洞，该漏洞源于默认主题目录下的minify.php文件允许管理员通过管理面板覆盖任意PHP代码，可能导致远程代码执行。

Description (English)

PluXml is a free open-source content management system for the PluXml open source, which can work without a database. PluXml has a security loophole, which stems from the default theme directory of Minify.php files allowing administrators to overwrite any PHP code through the management panel, which may lead to remote code execution.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

PluXml

Published

2025-10-17

Last Modified

2026-02-24

References

http://pluxml.com https://github.com/lukehebe/Vulnerability-Disclosures/blob/main/CVE-2025-57567.pdf https://access.redhat.com/security/cve/cve-2025-57567