Vulnerabilities > CVE-2024-22636 - Unspecified vulnerability in Pluxml 5.8.9

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

pluxml

NVD

Published: 2024-01-25

Updated: 2024-11-21

Summary

PluXml Blog v5.8.9 was discovered to contain a remote code execution (RCE) vulnerability in the Static Pages feature. This vulnerability is exploited via injecting a crafted payload into the Content field.

Vulnerable Configurations

Part	Description	Count
Application	Pluxml Pluxml Pluxml 5.8.9	1

References

https://github.com/capture0x/PluXml-RCE/blob/main/PluXml.txt
https://github.com/capture0x/PluXml-RCE/blob/main/PluXml.txt