- EPSS 7.94%
- Veröffentlicht 27.08.2008 23:41:00
- Zuletzt bearbeitet 16.06.2026 22:56:40
Multiple directory traversal vulnerabilities in Pluck CMS 4.5.2 on Windows allow remote attackers to include and execute arbitrary local files via a ..\ (dot dot backslash) in the (1) blogpost, (2) cat, and (3) file parameters to data/inc/themes/pred...
CVE-2008-3574
- EPSS 1.51%
- Veröffentlicht 10.08.2008 20:41:00
- Zuletzt bearbeitet 16.06.2026 22:56:04
Multiple cross-site scripting (XSS) vulnerabilities in Pluck 4.5.2, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) lang_footer parameter to (a) data/inc/footer.php; the (2) pluck_version, (...
CVE-2008-3194
- EPSS 2.55%
- Veröffentlicht 16.07.2008 18:41:00
- Zuletzt bearbeitet 16.06.2026 22:55:20
Multiple directory traversal vulnerabilities in data/inc/themes/predefined_variables.php in pluck 4.5.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) langpref, (2) file, (3) blogpost, or (4) cat par...
- EPSS 1.48%
- Veröffentlicht 08.08.2007 01:17:00
- Zuletzt bearbeitet 16.06.2026 22:43:32
Directory traversal vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to read arbitrary local files via a .. (dot dot) in the file parameter. NOTE: CVE and a reliable third party dispute this...
CVE-2007-4181
- EPSS 1.55%
- Veröffentlicht 08.08.2007 01:17:00
- Zuletzt bearbeitet 16.06.2026 22:43:33
PHP remote file inclusion vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: A reliable third party disputes this vulnerabil...