Lucene search
K

497 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 2:27 a.m.5 views

CVE-2023-27083

An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev5 allows remote attackers to run arbitrary code via manage file functionality...

7.2CVSS7.6AI score0.0121EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:11 a.m.5 views

CVE-2022-26589

A Cross-Site Request Forgery CSRF in Pluck CMS v4.7.15 allows attackers to delete arbitrary pages...

6.5CVSS7.2AI score0.00469EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:36 p.m.7 views

CVE-2022-27432

A Cross-Site Request Forgery CSRF in Pluck CMS v4.7.15 allows attackers to change the password of any given user by exploiting this feature leading to account takeover...

8.8CVSS7.2AI score0.00554EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:8 p.m.8 views

CVE-2020-20918

An issue discovered in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary php code via the hidden parameter to admin.php when editing a page...

7.2CVSS7.7AI score0.01137EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 5:5 p.m.10 views

CVE-2020-20951

In Pluck-4.7.10-dev2 admin background, a remote command execution vulnerability exists when uploading files...

9.8CVSS7.2AI score0.04028EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 5:5 p.m.6 views

CVE-2020-20919

File upload vulnerability in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary code and access sensitive information via the theme.php file...

7.2CVSS7.6AI score0.01256EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 4:5 p.m.16 views

CVE-2020-21564

An issue was discovered in Pluck CMS 4.7.10-dev2 and 4.7.11. There is a file upload vulnerability that can cause a remote command execution via admin.php?action=files...

8.8CVSS7.3AI score0.03455EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:54 p.m.6 views

CVE-2020-18198

Cross Site Request Forgery CSRF in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete specific images via the component " /admin.php?action=images."...

8.8CVSS8.2AI score0.00932EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:53 p.m.4 views

CVE-2020-18195

Cross Site Request Forgery CSRF in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete a specific article via the component " /admin.php?action=page."...

8.8CVSS8.2AI score0.00932EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 7:57 a.m.11 views

CVE-2018-11736

An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.php allows remote attackers to upload and execute arbitrary PHP code by using the image/jpeg content type for a .htaccess file...

9.8CVSS8AI score0.08573EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:41 a.m.3 views

CVE-2018-11331

An issue was discovered in Pluck before 4.7.6. Remote PHP code execution is possible because the set of disallowed filetypes for uploads in missing some applicable ones such as .phtml and .htaccess...

9.8CVSS7.7AI score0.02263EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:32 a.m.10 views

CVE-2018-11330

An issue was discovered in Pluck before 4.7.6. There is authenticated stored XSS because the character set for filenames is not properly restricted...

4.8CVSS5.7AI score0.00653EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:56 a.m.9 views

CVE-2012-1227

Multiple cross-site request forgery CSRF vulnerabilities in admin.php in pluck 4.7 allow remote attackers to hijack the authentication of admins for requests that 1 modify the admin email address or 2 modify the blog title via a settings action; 3 add a page via an editpage action, or 4 add a...

6.8CVSS7.6AI score0.00682EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/04/16 4:2 p.m.23 views

CVE-2020-29607

A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remote code execution...

7.2CVSS7.6AI score0.33428EPSS
Exploits6
GithubExploit
GithubExploit
added 2024/12/22 12:41 p.m.448 views

Exploit for Unrestricted Upload of File with Dangerous Type in Pluck-Cms Pluck

CVE-2023-50564 CVE-2023-50564 is an RCE vulnerability in Pluc...

8.8CVSS9.3AI score0.29069EPSS
Exploits11
GithubExploit
GithubExploit
added 2024/10/27 8:21 p.m.69 views

Exploit for Unrestricted Upload of File with Dangerous Type in Pluck-Cms Pluck

CVE-2023-50564 - Pluck CMS v4.7.18 Remote Code Execution RCE...

8.8CVSS9.5AI score0.29069EPSS
Exploits11
GithubExploit
GithubExploit
added 2024/10/27 8:21 p.m.113 views

Exploit for Unrestricted Upload of File with Dangerous Type in Pluck-Cms Pluck

CVE-2023-50564 - Pluck CMS v4.7.18 Remote Code Execution RCE...

8.8CVSS9.5AI score0.29069EPSS
Exploits11
GithubExploit
GithubExploit
added 2024/10/27 8:21 p.m.163 views

Exploit for Unrestricted Upload of File with Dangerous Type in Pluck-Cms Pluck

CVE-2023-50564 - Pluck CMS v4.7.18 Remote Code Execution RCE...

8.8CVSS9.5AI score0.29069EPSS
Exploits11
GithubExploit
GithubExploit
added 2024/10/15 3:58 p.m.528 views

Exploit for Unrestricted Upload of File with Dangerous Type in Pluck-Cms Pluck

CVE-2023-50564 - Pluck CMS v4.7.18 Exploit Overview This...

8.8CVSS9.5AI score0.29069EPSS
Exploits11
NVD
NVD
added 2024/10/01 12:15 p.m.44 views

CVE-2024-9405

An incorrect limitation of a path to a restricted directory path traversal has been detected in Pluck CMS, affecting version 4.7.18. An unauthenticated attacker could extract sensitive information from the server via the absolute path of a file located in the same directory or subdirectory as the...

5.3CVSS0.00457EPSS
Exploits0References1
Rows per page
Query Builder