CNNVD-202512-3910 Information

CNNVD ID

CNNVD-202512-3910

Related CVE

CVE-2025-67436

• CNNVD Published: 2025-12-22

Description (Chinese)

PluXml是PluXml开源的一个免费的开源内容管理系统，不需要数据库即可工作。 PluXml 5.8.22版本存在安全漏洞，该漏洞源于具有管理员面板访问权限的攻击者可将恶意PHP webshell注入主题文件，可能导致远程代码执行。

Description (English)

PluXml is a free open-source content management system for the PluXml open source, which can work without a database. Version 5.8.22 of PluXml contains a security loophole that stems from the fact that the assailants with access to the administrator panel can inject malicious PHP webshell into the subject file, which may lead to remote code implementation.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

PluXml

Published

2025-12-22

Last Modified

2026-02-24

References

https://github.com/pluxml/PluXml https://github.com/RajChowdhury240/CVE-2025-67435/ https://access.redhat.com/security/cve/cve-2025-67436