16 matches found
CVE-2026-16205
A weakness has been identified in Pluck CMS up to 4.7.21. This vulnerability affects the function htmlspecialcharsdecode of the file data/modules/albums/albums.admin.php of the component Albums Module. Executing a manipulation of the argument Info can lead to cross site scripting. It is possible ...
CVE-2026-16205 Pluck CMS Albums albums.admin.php htmlspecialchars_decode cross site scripting
A weakness has been identified in Pluck CMS up to 4.7.21. This vulnerability affects the function htmlspecialcharsdecode of the file data/modules/albums/albums.admin.php of the component Albums Module. Executing a manipulation of the argument Info can lead to cross site scripting. It is possible ...
CVE-2026-16205
In Pluck CMS up to version 4.7.21, the vulnerability affects the Albums Module (data/modules/albums/albums.admin.php) via the function htmlspecialchars_decode. Manipulating the Info argument can trigger cross-site scripting, with remote exploitation possible. Public exploit exists. The project wa...
EUVD-2026-45416
A weakness has been identified in Pluck CMS up to 4.7.21. This vulnerability affects the function htmlspecialcharsdecode of the file data/modules/albums/albums.admin.php of the component Albums Module. Executing a manipulation of the argument Info can lead to cross site scripting. It is possible ...
PT-2026-61039
A weakness has been identified in Pluck CMS up to 4.7.21. This vulnerability affects the function htmlspecialchars decode of the file data/modules/albums/albums.admin.php of the component Albums Module. Executing a manipulation of the argument Info can lead to cross site scripting. It is possible...
EUVD-2025-22449
Malicious code in bioql PyPI...
EUVD-2023-29716
Malicious code in bioql PyPI...
CVE-2025-46099
In Pluck CMS 4.7.20-dev, an authenticated attacker can upload or create a crafted PHP file under the albums module directory and access it via the module routing logic in albums.site.php, resulting in arbitrary command execution through a GET parameter...
CVE-2025-46099
In Pluck CMS 4.7.20-dev, an authenticated attacker can upload or create a crafted PHP file under the albums module directory and access it via the module routing logic in albums.site.php, resulting in arbitrary command execution through a GET parameter...
PT-2025-30156 · Pluck Cms · Pluck Cms
Name of the Vulnerable Software and Affected Versions: Pluck CMS version 4.7.20-dev Description: Pluck CMS contains a flaw that allows an authenticated attacker to upload or create a crafted PHP file within the albums module directory. This file can then be accessed through the module routing log...
Design/Logic Flaw
Pluck CMS is vulnerable to an authenticated remote code execution RCE vulnerability through its “albums” module. Albums are used to create collections of images that can be inserted into web pages across the site. Albums allow the upload of various filetypes, which undergo a normalization process...
CVE-2023-25828
Pluck CMS (authenticated) is vulnerable to remote code execution via the albums module. A lack of file extension validation allows uploading a crafted JPEG payload containing an embedded PHP web-shell, which an authenticated admin can access to achieve RCE on the web server. Affected: Pluck CMS a...
CVE-2023-25828 Authenticate Remote Code Execution in Pluck CMS
Pluck CMS is vulnerable to an authenticated remote code execution RCE vulnerability through its “albums” module. Albums are used to create collections of images that can be inserted into web pages across the site. Albums allow the upload of various filetypes, which undergo a normalization process...
CVE-2023-25828 Authenticate Remote Code Execution in Pluck CMS
Pluck CMS is vulnerable to an authenticated remote code execution RCE vulnerability through its “albums” module. Albums are used to create collections of images that can be inserted into web pages across the site. Albums allow the upload of various filetypes, which undergo a normalization process...
PT-2023-20333 · Pluck Cms · Pluck Cms
Name of the Vulnerable Software and Affected Versions: Pluck CMS affected versions not specified Description: The issue concerns an authenticated remote code execution RCE vulnerability through the "albums" module. This module allows the creation of image collections that can be inserted into web...
Facil-CMS 0.1RC2 Multiple Remote Vulnerabilities
No description provided by source. Script Facil-CMS 0.1RC2 +download: http://sourceforge.net/project/platformdownload.php?groupid=217673 DORK inurl:modules.php?modload=News Copyright C 2008 by FacilCMS.org inurl: /facil-cms/ Author any.zicky Contact Me anydotzickyatgmaildotcom ; About Facil CMS i...