CVE-2019-11344
CVE-2019-11344 affects Pluck 4.7.8 where data/inc/files.php allows remote code execution by uploading a .htaccess that sets SetHandler x-httpd-php for a .txt file, bypassing blocked PHP-related filename extensions. This is documented across multiple feeds (NVD, Red Hat, OSV, CVE lists). Root caus...