Pluxml v5.8.7 exists to allow malicious users to execute arbitrary code via crafted PHP code inserted into static pages.
pluxml pluxml 5.8.7
PluXml 587 RCE Used for practice on CTF machine, requires valid credentials References nvdnistgov/vuln/detail/CVE-2022-25018 githubcom/MoritzHuppert/CVE-2022-25018/blob/main/CVE-2022-25018pdf