CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2019-9050
https://notcve.org/view.php?id=CVE-2019-9050
An issue was discovered in Pluck 4.7.9-dev1. It allows administrators to execute arbitrary code by using action=installmodule to upload a ZIP archive, which is then extracted and executed. Se ha descubierto un problema en Pluck 4.7.9-dev1. Permite que los administradores ejecuten código arbitrario utilizando action=installmodule para subir un archivo ZIP, que se extrae y ejecuta. • https://github.com/pluck-cms/pluck/issues/70 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-9049
https://notcve.org/view.php?id=CVE-2019-9049
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete modules via a /admin.php?action=module_delete&var1= URI. Se ha descubierto un problema en Pluck 4.7.9-dev1. Hay una vulnerabilidad Cross-Site Request Forgery (CSRF) que puede eliminar módulos mediante un URI /admin.php? • https://github.com/pluck-cms/pluck/issues/69 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-9051
https://notcve.org/view.php?id=CVE-2019-9051
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete articles via a /admin.php?action=deletepage&var1= URI. Se ha descubierto un problema en Pluck 4.7.9-dev1. Hay una vulnerabilidad Cross-Site Request Forgery (CSRF) que puede eliminar artículos mediante un URI /admin.php? • https://github.com/pluck-cms/pluck/issues/69 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-9048
https://notcve.org/view.php?id=CVE-2019-9048
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete a theme (aka topic) via a /admin.php?action=theme_delete&var1= URI. Se ha descubierto un problema en Pluck 4.7.9-dev1. Hay una vulnerabilidad Cross-Site Request Forgery (CSRF) que puede eliminar un tema (también conocido como "topic") mediante un URI /admin.php? • https://github.com/pluck-cms/pluck/issues/69 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-9052
https://notcve.org/view.php?id=CVE-2019-9052
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete pictures via a /admin.php?action=deleteimage&var1= URI. Se ha descubierto un problema en Pluck 4.7.9-dev1. Hay una vulnerabilidad Cross-Site Request Forgery (CSRF) que puede eliminar imágenes mediante un URI /admin.php? • https://github.com/pluck-cms/pluck/issues/69 • CWE-352: Cross-Site Request Forgery (CSRF) •