CVE-2020-18184

In PluxXml V5.7,the theme edit function /PluXml/core/admin/parametres_edittpl.php allows remote attackers to execute arbitrary PHP code by placing this code into a template.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
VendorProductVersion
pluxxmlpluxxml
5.7
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
pluxml
noble
dne
mantic
dne
lunar
dne
kinetic
dne
jammy
deferred
impish
ignored
hirsute
ignored
groovy
ignored
focal
deferred
bionic
deferred
xenial
needs-triage
trusty
dne
References
https://github.com/pluxml/PluXml/issues/320
https://github.com/pluxml/PluXml/issues/320