CVE-2025-57567
A remote code execution (RCE) vulnerability exists in the PluXml CMS theme editor, specifically in the minify.php file located under the default theme directory /themes/defaut/css/minify.php. An authenticated administrator user can overwrite this file with arbitrary PHP code via the admin panel,...
PluXml Security Vulnerability
PluXml is a free open source content management system from PluXml Open Source that does not require a database to work. A security vulnerability exists in PluXml that stems from a minify.php file in the default theme directory that allows administrators to override arbitrary PHP code via the adm...
CVE-2025-57567
The CVE-2025-57567 entry concerns PluXml CMS. A vulnerability in the default theme’s minify.php (path: /themes/defaut/css/minify.php) can be triggered by an authenticated administrator who overwrites the file with arbitrary PHP code via the admin panel, enabling remote code execution (system comm...
Malicious code in @cewe-phoenix-themes/default-theme (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b8fefa5fe5221477fe4ca130e84721255986e7b048f3e5922c99cac89d94df83 The OpenSSF Package Analysis project identified '@cewe-phoenix-themes/default-theme' @ 99.9.1 npm as malicious. It is considered malicious...
Malicious code in @douinfe/semi-theme-default (npm)
--- -= Per source details. Do not edit below this line.=-...
Fedora 14 : phpMyAdmin-3.4.1-1.fc14 (2011-7702)
Welcome to phpMyAdmin 3.4, presenting a new default theme. This release contains new features, especially : - User preferences - Relation schema export to multiple formats - ENUM/SET editor - Simplified interface for export/import - AJAXification of some parts - Charts - Visual query builder and...
Fedora 13 : phpMyAdmin-3.4.1-1.fc13 (2011-7703)
Welcome to phpMyAdmin 3.4, presenting a new default theme. This release contains new features, especially : - User preferences - Relation schema export to multiple formats - ENUM/SET editor - Simplified interface for export/import - AJAXification of some parts - Charts - Visual query builder and...
Mandriva 2011 Beta 2 is Available for Testing !
Mandriva 2011 Beta 2 is Available for Testing ! Mandriva 2011 beta 2 was supposed to be released a week ago, but the release schedule was delayed by last minute defects discovered by the development and testing teams. In order to get hold of beta 2, you can visit your favorite Mandriva mirror and...
CVE-2010-3457
Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.0.7 and 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) fields[website] parameter in the post comments feature in articles/a-primer-to-symphony-2s-default-theme/ or (2) send-email[recipient] parameter to...
PT-2009-2014 · Simple Machines · Simple Machines Forum
Name of the Vulnerable Software and Affected Versions: Simple Machines Forum SMF version 1.1.4 Description: The issue allows remote attackers to potentially execute arbitrary PHP code. This is achieved via a URL in the settingsdefault theme dir parameter to "Sources/Subs-Graphics.php" and...
CVE-2008-2840
Multiple directory traversal vulnerabilities in Exero CMS 1.0.0 and 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to (1) custompage.php, (2) errors/404.php, (3) members/memberslist.php, (4) members/profile.php, (5) news/fullview.php, (6)...
Directory traversal
Multiple directory traversal vulnerabilities in the Default theme in Exero CMS 1.0.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the theme parameter to (1) index.php, (2) editpassword.php, and (3) avatar.php in usercp/; (4) custompage.php; (5)...
WordPress Default Theme <= 2.2 - XSS
Because of this vulnerability, the authenticated administrators can inject arbitrary web script or HTML. Solution Update the theme...
Wordpress default theme XSS (admin) and other problems
There is an XSS in the Wordpress default theme. Tested on WordPress version 2.2. Filename functions.php, line 387. Code: <form style="display: inline" method="post" name="hicolor" id="hicolor" action="<?php echo $_SERVER['REQUEST_URI']; ?>"> $_SERVER['REQUEST_URI'] is directly echoed to the user. This problem...
Directory traversal
Directory traversal vulnerability in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the (1) DefaultTheme parameter to header.php or (2) ModPath parameter to modules/cluster-paradise/cluster-E.php...