Skip to main content

Pluxml CVE-2012-4674

MEDIUM
Information Exposure (CWE-200)
2012-08-26 cve@mitre.org
5.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
5.0 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:P/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 26, 2012 - 18:55 cve.org
MEDIUM 5.0

DescriptionCVE.org

PluXml before 5.1.6 allows remote attackers to obtain the installation path via the PHPSESSID.

AnalysisAI

PluXml before 5.1.6 allows remote attackers to obtain the installation path via the PHPSESSID. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. PluXml before 5.1.6 allows remote attackers to obtain the installation path via the PHPSESSID. Affected products include: Pluxml. Version information: before 5.1.6.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

More in Pluxml

View all
CVE-2012-2227 HIGH POC
7.5 Aug 26

Directory traversal vulnerability in update/index.php in PluXml before 5.1.6 allows remote attackers to include and exec

CVE-2020-18185 CRITICAL POC
9.8 Oct 02

class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a l

CVE-2022-25018 HIGH POC
8.8 Mar 01

Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static page

CVE-2024-22636 HIGH POC
8.8 Jan 25

PluXml Blog v5.8.9 was discovered to contain a remote code execution (RCE) vulnerability in the Static Pages feature. Ra

CVE-2022-25020 MEDIUM POC
5.4 Mar 01

A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML vi

CVE-2021-38603 MEDIUM POC
4.8 Aug 12

PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field. Rated medium severity (CVSS 4.8), this v

CVE-2021-38602 MEDIUM POC
4.8 Aug 12

PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content. Rated medium severity (CVSS 4.8), this vulnerabi

CVE-2017-1001001 MEDIUM
5.4 Nov 01

PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which c

CVE-2026-24350 MEDIUM
5.4 Feb 27

Stored XSS in PluXml CMS file upload functionality allows authenticated attackers to embed malicious payloads in SVG fil

CVE-2025-70129 MEDIUM
5.3 Mar 10

If the anti spam-captcha functionality in PluXml versions 5.8.22 and earlier is enabled, a captcha challenge is generate

CVE-2026-24351 MEDIUM
5.1 Feb 27

PluXml CMS versions 5.8.21 and 5.9.0-rc7 contain a stored cross-site scripting vulnerability in the static pages editor

CVE-2012-4675 MEDIUM
4.3 Aug 26

Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote attackers to inject arbitrary web script or HTML

Share

CVE-2012-4674 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy