CVE-2025-46099
- EPSS 0.1%
- Published 23.07.2025 00:00:00
- Last modified 14.10.2025 14:10:12
In Pluck CMS 4.7.20-dev, an authenticated attacker can upload or create a crafted PHP file under the albums module directory and access it via the module routing logic in albums.site.php, resulting in arbitrary command execution through a GET paramet...
CVE-2024-9405
- EPSS 1.26%
- Published 01.10.2024 12:15:03
- Last modified 04.10.2024 13:51:25
An incorrect limitation of a path to a restricted directory (path traversal) has been detected in Pluck CMS, affecting version 4.7.18. An unauthenticated attacker could extract sensitive information from the server via the absolute path of a file loc...
CVE-2020-20718
- EPSS 0.61%
- Published 20.06.2023 15:15:10
- Last modified 10.12.2024 18:15:22
File Upload vulnerability in PluckCMS v.4.7.10 dev versions allows a remote attacker to execute arbitrary code via a crafted image file to the save_file() parameter.
CVE-2019-1010062
- EPSS 0.43%
- Published 16.07.2019 13:15:11
- Last modified 21.11.2024 04:17:57
PluckCMS 4.7.4 and earlier is affected by: CWE-434 Unrestricted Upload of File with Dangerous Type. The impact is: get webshell. The component is: data/inc/images.php line36. The attack vector is: modify the MIME TYPE on HTTP request to upload a php ...