CVE-2024-22636

{"id": "CVE-2024-22636", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-01-25T21:15:09.380", "references": [{"url": "https://github.com/capture0x/PluXml-RCE/blob/main/PluXml.txt", "tags": ["Exploit"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "PluXml Blog v5.8.9 was discovered to contain a remote code execution (RCE) vulnerability in the Static Pages feature. This vulnerability is exploited via injecting a crafted payload into the Content field."}, {"lang": "es", "value": "Se descubri\u00f3 que PluXml Blog v5.8.9 contiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) en la funci\u00f3n Static Pages. Esta vulnerabilidad se explota inyectando un payload dise\u00f1ado en el campo Content."}], "lastModified": "2024-01-29T15:57:32.540", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pluxml:pluxml:5.8.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FFFDBCD0-B737-4DE5-ABB5-171D353354B6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}