CVE-2020-18184

Published: 2 October 2020

In PluXml V5.7, the theme edit function /PluXml/core/admin/parametres_edittpl.php allows remote attackers to execute arbitrary PHP code by placing this code into a template.

Notes

Author: seth-arnold
Note: I've asked if this is an intentional feature or not; the documentation suggests to me that it is intentional for the administrator to be able to execute arbitrary code.

Author: leosilva
Note: deferred as no fix as 2021-10-19.

Priority

Medium

CVSS 3 base score: 7.2

Status

Package: pluxml (Launchpad, Ubuntu, Debian)

Release     Status
bionic      Deferred (2021-10-19)
focal       Deferred (2021-10-19)
groovy      Ignored (reached end-of-life)
hirsute     Ignored (reached end-of-life)
impish      Ignored (reached end-of-life)
jammy       Deferred (2021-10-19)
precise     Does not exist
trusty      Does not exist
upstream    Needs triage
xenial      Ignored (end of standard support, was needs-triage)