CVE-2023-25828

Authenticate Remote Code Execution in Pluck CMS

Severity Score

7.2

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Pluck CMS is vulnerable to an authenticated remote code execution (RCE) vulnerability through its “albums” module. Albums are used to create collections of images that can be inserted into web pages across the site. Albums allow the upload of various filetypes, which undergo a normalization process before being available on the site. Due to lack of file extension validation, it is possible to upload a crafted JPEG payload containing an embedded PHP web-shell. An attacker may navigate to it directly to achieve RCE on the underlying web server. Administrator credentials for the Pluck CMS web interface are required to access the albums module feature, and are thus required to exploit this vulnerability. CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C (8.2 High)

*Credits: N/A

CVSS Scores

NISTv3.1 7.2

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2023-02-15 CVE Reserved
2023-03-27 CVE Published
2024-08-02 CVE Updated
2024-11-01 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-434: Unrestricted Upload of File with Dangerous Type

CAPEC

CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://www.synopsys.com/blogs/software-security/pluck-cms-vulnerability	2023-11-07

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Pluck-cms Search vendor "Pluck-cms"		Pluck Search vendor "Pluck-cms" for product "Pluck"				< 4.7.16 Search vendor "Pluck-cms" for product "Pluck" and version " < 4.7.16"		-		Affected
Pluck-cms Search vendor "Pluck-cms"		Pluck Search vendor "Pluck-cms" for product "Pluck"				4.7.16 Search vendor "Pluck-cms" for product "Pluck" and version "4.7.16"		dev1		Affected
Pluck-cms Search vendor "Pluck-cms"		Pluck Search vendor "Pluck-cms" for product "Pluck"				4.7.16 Search vendor "Pluck-cms" for product "Pluck" and version "4.7.16"		dev2		Affected
Pluck-cms Search vendor "Pluck-cms"		Pluck Search vendor "Pluck-cms" for product "Pluck"				4.7.16 Search vendor "Pluck-cms" for product "Pluck" and version "4.7.16"		dev3		Affected
Pluck-cms Search vendor "Pluck-cms"		Pluck Search vendor "Pluck-cms" for product "Pluck"				4.7.16 Search vendor "Pluck-cms" for product "Pluck" and version "4.7.16"		dev4		Affected