11 matches found
EUVD-2024-49919
Malicious code in bioql PyPI...
CVE-2024-9405
An incorrect limitation of a path to a restricted directory (path traversal) has been detected in Pluck CMS, affecting version 4.7.18. An unauthenticated attacker could extract sensitive information from the server via the absolute path of a file located in the same directory or subdirectory as the...
CVE-2024-9405
Vulnerability summary (CVE-2024-9405): Pluck CMS v4.7.18 contains an incorrect restriction of a path to a restricted directory (path traversal). An unauthenticated attacker could read sensitive information from files in the same directory or its subdirectories by using the absolute path of a file...
CVE-2024-43042
Pluck CMS 4.7.18 does not restrict failed login attempts, allowing attackers to execute a brute force attack...
CVE-2024-43042
CVE-2024-43042 affects Pluck CMS 4.7.18: the login subsystem does not limit failed attempts, enabling brute-force-style access attempts over the network. Public sources in the connected documents corroborate the issue's existence and classify it as high severity (CVSSv3.1: 9.8, Confidentiality, I...
Pluck CMS Cross-Site Scripting Vulnerability
Pluck is a content management system (CMS) developed using the PHP language. A cross-site scripting vulnerability exists in Pluck CMS version 4.7.18, which stems from unknown code in install.php in the component Installation Handler, resulting in cross-site scripting. An attacker can exploit this...
CVE-2023-5013
A vulnerability has been found in Pluck CMS 4.7.18 and classified as problematic. This vulnerability affects unknown code of the file install.php of the component Installation Handler. The manipulation of the argument contents with the input alert'xss' leads to cross site scripting. The attack ca...
CVE-2023-5013
Pluck CMS 4.7.18 is affected by a cross-site scripting vulnerability in the Installation Handler’s install.php. The issue arises from manipulating the contents argument to inject , allowing remote execution of XSS with low attack complexity according to the sources. Exploitation has been publiciz...
Pluck CMS Cross-Site Scripting Vulnerability
Pluck is a content management system (CMS) developed using the PHP language. A cross-site scripting vulnerability exists in Pluck CMS version 4.7.18, which stems from unknown code in install.php in the component Installation Handler, resulting in cross-site scripting. An attacker can exploit this...
Pluck 4.7.18 Remote Shell Upload
Title: pluck-4.7.18 - FI + RCE. Author: nu11secur1ty Date: 07.19.2023 Vendor: https://github.com/pluck-cms/pluck/wiki Software: https://github.com/pluck-cms/pluck Reference: https://portswigger.net/daily-swig/rce Reference: https://portswigger.net/web-security/file-upload Description: The attacke...
Multiple Vulnerabilities in TYPO3 CMS
It has been discovered that TYPO3 CMS is vulnerable to Cross-Site Scripting, Insecure Unserialize, Improper Session Invalidation, Authentication Bypass, Information Disclosure and Host Spoofing. Component Type: TYPO3 CMS Vulnerability Types: Cross-Site Scripting, Insecure Unserialize, Improper...