3 results (0.003 seconds)

CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0

Pluck CMS is vulnerable to an authenticated remote code execution (RCE) vulnerability through its “albums” module. Albums are used to create collections of images that can be inserted into web pages across the site. Albums allow the upload of various filetypes, which undergo a normalization process before being available on the site. Due to lack of file extension validation, it is possible to upload a crafted JPEG payload containing an embedded PHP web-shell. An attacker may navigate to it directly to achieve RCE on the underlying web server. • https://www.synopsys.com/blogs/software-security/pluck-cms-vulnerability • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 7.2EPSS: 3%CPEs: 1EXPL: 6

A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remote code execution. Una vulnerabilidad de omisión de restricción de carga de archivos en Pluck CMS versiones anteriores a 4.7.13, permite a un usuario con privilegios de administrador conseguir acceso en el host por medio de la funcionalidad "manage files", lo que puede resultar en una ejecución de código remota Pluck CMS version 4.7.13 suffers from a remote shell upload vulnerability. • https://www.exploit-db.com/exploits/49909 https://github.com/0xAbbarhSF/CVE-2020-29607 https://github.com/0xN7y/CVE-2020-29607 http://packetstormsecurity.com/files/162785/Pluck-CMS-4.7.13-Remote-Shell-Upload.html https://github.com/Hacker5preme/Exploits/tree/main/CVE-2020-29607-Exploit https://github.com/pluck-cms/pluck/issues/96 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1

data/inc/files.php in Pluck 4.7.8 allows remote attackers to execute arbitrary code by uploading a .htaccess file that specifies SetHandler x-httpd-php for a .txt file, because only certain PHP-related filename extensions are blocked. Vulnerabilidad en archivo Data/Inc/files.php en Pluck versión 4.7.8 permite a los atacantes remotos ejecutar código arbitrario cargando un archivo .htaccess que especifica SetHandler x-httpd-php para un archivo .txt, debido a que solo se bloquean ciertas extensiones de nombre de archivo relacionadas con PHP. • https://github.com/pluck-cms/pluck/issues/72 • CWE-434: Unrestricted Upload of File with Dangerous Type •