An issue was discovered in Pluck 4.7.9-dev1. It allows administrators to execute arbitrary code by using action=installmodule to upload a ZIP archive, which is then extracted and executed.
CPE | Name | Operator | Version |
---|---|---|---|
pluck | eq | 4.7.6 | |
pluck | eq | 4.7.8-dev1 | |
pluck | eq | 4.7.8-dev3 | |
pluck | eq | 4.7.7-dev2 | |
pluck | eq | 4.7.9-dev1 | |
pluck | eq | 4.7.3 | |
pluck | eq | 4.7 | |
pluck | eq | 4.7.2 | |
pluck | eq | 4.744 | |
pluck | eq | 4.7.8-dev2 |