PHP Code Execution Vulnerability in PluXml Web Publishing System
CVE-2020-18185

9.8CRITICAL

Key Information:

Vendor: Pluxml
Status: Pluxml
Vendor: CVE Published:; 2 October 2020

What is CVE-2020-18185?

A vulnerability in PluXml 5.7, specifically in the class.plx.admin.php file, permits attackers to execute arbitrary PHP code. This is achieved by manipulating the configuration file within a Linux environment, which may lead to significant security risks. It is crucial for users to be aware of this flaw to mitigate potential attacks and safeguard their web applications.

References

https://github.com/pluxml/PluXml/issues/321

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 2, 2020
Vulnerability Reserved
Aug 13, 2020

JSON

Pluxml

What is CVE-2020-18185?

References

CVSS V3.1

Timeline