CVE-2012-1227
https://notcve.org/view.php?id=CVE-2012-1227
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in pluck 4.7 allow remote attackers to hijack the authentication of admins for requests that (1) modify the admin email address or (2) modify the blog title via a settings action, (3) add a page via an editpage action, or (4) add a category via the blog module.
• http://osvdb.org/79005 http://secunia.com/advisories/47934 http://www.exploit-db.com/exploits/18474
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2008-6842 – Pluck CMS 4.6.1 - 'module_pages_site.php' Local File Inclusion
https://notcve.org/view.php?id=CVE-2008-6842
Directory traversal vulnerability in data/modules/blog/module_pages_site.php in Pluck 4.6.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the post parameter.
• https://www.exploit-db.com/exploits/8271 http://secunia.com/advisories/34415 http://www.securityfocus.com/bid/34207 https://exchange.xforce.ibmcloud.com/vulnerabilities/49378
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2009-1765 – Pluck CMS 4.6.2 - 'langpref' Local File Inclusion
https://notcve.org/view.php?id=CVE-2009-1765
Multiple directory traversal vulnerabilities in pluck 4.6.2, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langpref parameter to (1) data/modules/contactform/module_info.php, (2) data/modules/blog/module_info.php, and (3) data/modules/albums/module_info.php, different vectors than CVE-2008-3194.
• https://www.exploit-db.com/exploits/8715 http://secunia.com/advisories/35145 http://www.securityfocus.com/bid/35007
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-6253 – Pluck CMS 4.5.3 - 'g_pcltar_lib_dir' Local File Inclusion
https://notcve.org/view.php?id=CVE-2008-6253
Directory traversal vulnerability in data/inc/lib/pcltar.lib.php in Pluck 4.5.3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the g_pcltar_lib_dir parameter.
• https://www.exploit-db.com/exploits/7153 http://secunia.com/advisories/32736 http://www.pluck-cms.org/index.php?file=kop11.php http://www.securityfocus.com/archive/1/498438 http://www.securityfocus.com/bid/32342 https://exchange.xforce.ibmcloud.com/vulnerabilities/46676
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-3851 – Pluck CMS 4.5.2 - Multiple Local File Inclusions
https://notcve.org/view.php?id=CVE-2008-3851
Multiple directory traversal vulnerabilities in Pluck CMS 4.5.2 on Windows allow remote attackers to include and execute arbitrary local files via a ..\ (dot dot backslash) in the (1) blogpost, (2) cat, and (3) file parameters to data/inc/themes/predefined_variables.php, as reachable through index.php; and the (4) blogpost and (5) cat parameters to data/inc/blog_include_react.php, as reachable through index.php. NOTE: the issue involving vectors 1 through 3 reportedly exists because of an incomplete fix for CVE-2008-3194.
• https://www.exploit-db.com/exploits/6300 http://secunia.com/advisories/31607 http://securityreason.com/securityalert/4195 http://www.pluck-cms.org/releasenotes.php#4.5.3 http://www.securityfocus.com/archive/1/495706/100/0/threaded http://www.securityfocus.com/bid/30820 https://exchange.xforce.ibmcloud.com/vulnerabilities/44677
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')