Remote Code Execution Vulnerability in PluXml v5.8.16 and Lower
CVE-2024-48138

Currently unrated

Key Information:

Vendor: PluXml
Vendor: CVE Published:; 29 October 2024

What is CVE-2024-48138?

A remote code execution (RCE) vulnerability in the component /PluXml/core/admin/parametres_edittpl.php of PluXml v5.8.16 and lower allows attackers to execute arbitrary code via injecting a crafted payload into a template.

References

https://github.com/pluxml/PluXml/issues/829

Timeline

Vulnerability published
Oct 29, 2024

JSON