CVSS: 4.8 | EPSS: 0% | CPEs: 5 | EXPL: 0

A cross-site scripting (XSS) vulnerability in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev4 allows remote attackers to run arbitrary code via upload of a crafted HTML file. • https://medium.com/%40syed.pentester/authenticated-stored-cross-site-scripting-xss-d39aab69e58f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.2 | EPSS: 0% | CPEs: 7 | EXPL: 0

An issue was discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev5 that allows remote attackers to run arbitrary code via the manage file functionality. • https://medium.com/%40syed.pentester/authenticated-remote-code-execution-rce-on-pluckcms-4-7-15-c309ac1bd145 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 7.2 | EPSS: 0% | CPEs: 1 | EXPL: 1

An issue was discovered in Pluck CMS v.4.7.10-dev2 that allows a remote attacker to execute arbitrary PHP code via the hidden parameter to admin.php when editing a page. • https://github.com/pluck-cms/pluck/issues/80 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 7.2 | EPSS: 0% | CPEs: 1 | EXPL: 1

A file upload vulnerability in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary code and access sensitive information via the theme.php file. • https://github.com/pluck-cms/pluck/issues/85 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 7.2 | EPSS: 0% | CPEs: 1 | EXPL: 1

A file upload vulnerability in PluckCMS v.4.7.10 allows a remote attacker to execute arbitrary code via the trashcan_restoreitem.php file. • https://github.com/pluck-cms/pluck/issues/86 • CWE-434: Unrestricted Upload of File with Dangerous Type