Remote Code Execution Vulnerability in PluXml Blog by Capturedown
CVE-2024-22636

8.8HIGH

Key Information:

Vendor: Pluxml
Status: Pluxml
Vendor: CVE Published:; 25 January 2024

What is CVE-2024-22636?

The PluXml Blog v5.8.9 has a vulnerability affecting the Static Pages feature, enabling remote code execution (RCE). Attackers can exploit this security flaw by injecting a malicious payload into the Content field, potentially compromising the integrity and confidentiality of the system. As this vulnerability may allow unauthorized access and control over the affected platform, it emphasizes the need for immediate patching and mitigation strategies.

References

https://github.com/capture0x/PluXml-RCE/blob/main/PluXml.txt

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 25, 2024
Vulnerability Reserved
Jan 11, 2024

JSON

Pluxml

What is CVE-2024-22636?

References

CVSS V3.1

Timeline