CVSS: 6.8EPSS: 3%CPEs: 1EXPL: 2CVE-2009-1765 – Pluck CMS 4.6.2 - 'langpref' Local File Inclusion
https://notcve.org/view.php?id=CVE-2009-1765
Multiple directory traversal vulnerabilities in pluck 4.6.2, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langpref parameter to (1) data/modules/contactform/module_info.php, (2) data/modules/blog/module_info.php, and (3) data/modules/albums/module_info.php, different vectors than CVE-2008-3194. Múltiples vulnerabilidades de salto de directorio en pluck v4.6.2, permite a atacantes remotos crear y ejecutar archivos de su elección a través de un .. (punto punto) en el parámtro langpref sobre (1) data/modules/contactform/module_info.php, (2) data/modules/blog/module_info.php, y (3) data/modules/albums/module_info.php, es un vector distinto a CVE-2008-3194. • https://www.exploit-db.com/exploits/8715 http://secunia.com/advisories/35145 http://www.securityfocus.com/bid/35007 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.8EPSS: 3%CPEs: 1EXPL: 2CVE-2008-6253 – Pluck CMS 4.5.3 - 'g_pcltar_lib_dir' Local File Inclusion
https://notcve.org/view.php?id=CVE-2008-6253
Directory traversal vulnerability in data/inc/lib/pcltar.lib.php in Pluck 4.5.3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the g_pcltar_lib_dir parameter. Vulnerabilidad de salto de directorio en data/inc/lib/pcltar.lib.php in Pluck v4.5.3, cuando register_globals está activado, permite a atacantes remotos incluir y ejecutar archivos locales de su elección a través de secuencias de salto de directorio en el parámetro "g_pcltar_lib_dir". • https://www.exploit-db.com/exploits/7153 http://secunia.com/advisories/32736 http://www.pluck-cms.org/index.php?file=kop11.php http://www.securityfocus.com/archive/1/498438 http://www.securityfocus.com/bid/32342 https://exchange.xforce.ibmcloud.com/vulnerabilities/46676 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •