497 matches found
CVE-2023-27083
An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev5 allows remote attackers to run arbitrary code via manage file functionality...
CVE-2022-26589
A Cross-Site Request Forgery CSRF in Pluck CMS v4.7.15 allows attackers to delete arbitrary pages...
CVE-2022-27432
A Cross-Site Request Forgery CSRF in Pluck CMS v4.7.15 allows attackers to change the password of any given user by exploiting this feature leading to account takeover...
CVE-2020-20918
An issue discovered in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary php code via the hidden parameter to admin.php when editing a page...
CVE-2020-20951
In Pluck-4.7.10-dev2 admin background, a remote command execution vulnerability exists when uploading files...
CVE-2020-20919
File upload vulnerability in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary code and access sensitive information via the theme.php file...
CVE-2020-21564
An issue was discovered in Pluck CMS 4.7.10-dev2 and 4.7.11. There is a file upload vulnerability that can cause a remote command execution via admin.php?action=files...
CVE-2020-18198
Cross Site Request Forgery CSRF in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete specific images via the component " /admin.php?action=images."...
CVE-2020-18195
Cross Site Request Forgery CSRF in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete a specific article via the component " /admin.php?action=page."...
CVE-2018-11736
An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.php allows remote attackers to upload and execute arbitrary PHP code by using the image/jpeg content type for a .htaccess file...
CVE-2018-11331
An issue was discovered in Pluck before 4.7.6. Remote PHP code execution is possible because the set of disallowed filetypes for uploads in missing some applicable ones such as .phtml and .htaccess...
CVE-2018-11330
An issue was discovered in Pluck before 4.7.6. There is authenticated stored XSS because the character set for filenames is not properly restricted...
CVE-2012-1227
Multiple cross-site request forgery CSRF vulnerabilities in admin.php in pluck 4.7 allow remote attackers to hijack the authentication of admins for requests that 1 modify the admin email address or 2 modify the blog title via a settings action; 3 add a page via an editpage action, or 4 add a...
CVE-2020-29607
A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remote code execution...
Exploit for Unrestricted Upload of File with Dangerous Type in Pluck-Cms Pluck
CVE-2023-50564 CVE-2023-50564 is an RCE vulnerability in Pluc...
Exploit for Unrestricted Upload of File with Dangerous Type in Pluck-Cms Pluck
CVE-2023-50564 - Pluck CMS v4.7.18 Remote Code Execution RCE...
Exploit for Unrestricted Upload of File with Dangerous Type in Pluck-Cms Pluck
CVE-2023-50564 - Pluck CMS v4.7.18 Remote Code Execution RCE...
Exploit for Unrestricted Upload of File with Dangerous Type in Pluck-Cms Pluck
CVE-2023-50564 - Pluck CMS v4.7.18 Remote Code Execution RCE...
Exploit for Unrestricted Upload of File with Dangerous Type in Pluck-Cms Pluck
CVE-2023-50564 - Pluck CMS v4.7.18 Exploit Overview This...
CVE-2024-9405
An incorrect limitation of a path to a restricted directory path traversal has been detected in Pluck CMS, affecting version 4.7.18. An unauthenticated attacker could extract sensitive information from the server via the absolute path of a file located in the same directory or subdirectory as the...