21 matches found
CVE-2021-31746
Zip Slip vulnerability in Pluck-CMS Pluck 4.7.15 allows an attacker to upload specially crafted zip files, resulting in directory traversal and potentially arbitrary code execution...
EUVD-2021-14702
Malware in sbrugna...
Invision Community 4.7.15 SQL Injection
Invision Community filter and \isarray \IPS\Request::i-filter 128 129 $url = $url-setQueryString 'filter', \IPS\Request::i-filter ; 130 foreach \IPS\Request::i-filter as $filterId = $allowedValues 131 132 $where = array...
PT-2023-20940 · Pluck Cms · Pluck Cms
Name of the Vulnerable Software and Affected Versions: Pluck CMS versions 4.7.15 through 4.7.16-dev4. Description: The issue is related to a Cross-Site Scripting (XSS) vulnerability. It affects the /admin.php endpoint, allowing remote attackers to run arbitrary code via the upload of a crafted html...
CVE-2023-27083
An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev5 allows remote attackers to run arbitrary code via manage file functionality...
Pluck Code Issue Vulnerability
Pluck is a content management system (CMS) developed using the PHP language. A security vulnerability exists in Pluck CMS versions 4.7.15 through 4.7.16-dev5. An attacker can exploit the vulnerability to run arbitrary code via the Manage Files feature...
Authentication Remote Code Execution
Description: Found authenticated Remote Code Execution (RCE) on pluck 4.7.15. While reading the source code, found that blacklisted extensions are mentioned in the file data/inc/files.php at lines 44 and 45. The file upload function validates whether the file extension matches any one of the following extensions: .php,...
Pluck Cross-Site Request Forgery Vulnerability
Pluck is a content management system (CMS) developed using the PHP language. A security vulnerability exists in Pluck CMS v4.7.15 that allows an attacker to delete arbitrary pages...
Pluck Path Traversal Vulnerability
Pluck is a content management system (CMS) developed using the PHP language. A security vulnerability exists in Pluck-CMS Pluck that stems from a Zip Slip vulnerability in Pluck-CMS Pluck version 4.7.15 that allows an attacker to upload specially crafted zip files, leading to directory traversal an...
CVE-2021-27984
In Pluck-4.7.15 admin background a remote command execution vulnerability exists when uploading files...
CVE-2021-31747
Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in updateapplet.php, which could lead to man-in-the-middle attacks...
CVE-2021-27984
In Pluck-4.7.15 admin background a remote command execution vulnerability exists when uploading files...
CVE-2021-31747
Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in updateapplet.php, which could lead to man-in-the-middle attacks...
Design/Logic Flaw
In Pluck-4.7.15 admin background a remote command execution vulnerability exists when uploading files...
Input validation
Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in updateapplet.php, which could lead to man-in-the-middle attacks...
CVE-2021-27984
In Pluck-4.7.15 admin background a remote command execution vulnerability exists when uploading files...
CVE-2021-31747
Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in updateapplet.php, which could lead to man-in-the-middle attacks...
CVE-2021-31747
CVE-2021-31747 : In Pluck 4.7.15, the code path update_applet.php omits SSL certificate validation, enabling potential man-in-the-middle attacks. Affected component is the update mechanism in Pluck-CMS; impact is limited to MITM risk described in multiple sources (e.g., NVD/Red Hat/CNVD entries)....
CVE-2021-31746
CVE-2021-31746 affects Pluck-CMS Pluck 4.7.15. The connected Red Hat, CNVD, OSV, NVD, CNVD and other records describe a Zip Slip vulnerability that allows uploading specially crafted zip files, causing directory traversal and potentially arbitrary code execution. The core details in the sources a...
CVE-2021-31745
CVE-2021-31745 affects Pluck-CMS (Pluck 4.7.15). A session-fixation vulnerability in login.php allows an attacker to sustain unauthorized access because prior sessions are not invalidated after a password change. The available documents describe the issue and do not specify a patch version or con...