CVE-2020-29607

A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remote code execution...

p0wny Shell Remote Code Execution (CVE-2017-9830; CVE-2018-15139; CVE-2018-19423; CVE-2018-6383; CVE-2020-29607; CVE-2021-24155; CVE-2021-24347)

p0wny Shell is a PHP shell. An attacker might use this shell to execute arbitrary code on the affected system...

Pluck CMS 4.7.13 Remote Shell Upload

Exploit Title: Pluck CMS 4.7.13 - File Upload Remote Code Execution Authenticated Date: 25.05.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://github.com/pluck-cms/pluck Software Link: https://github.com/pluck-cms/pluck/releases/tag/4.7.13 Version: 4.7.13 Tested on Xubuntu 20.0...

Pluck CMS 4.7.13 - File Upload Remote Code Execution (Authenticated)

Exploit Title: Pluck CMS 4.7.13 - File Upload Remote Code Execution Authenticated Date: 25.05.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://github.com/pluck-cms/pluck Software Link: https://github.com/pluck-cms/pluck/releases/tag/4.7.13 Version: 4.7.13 Tested on Xubuntu 20.0...

CVE-2020-29607

creationtimestamp| type| source ---|---|--- 2020-12-16 18:41:39+00:00| seen| https://t.me/cibsecurity/20923 2021-05-26 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/49909 2021-05-26 12:17:00+00:00| seen| https://t.me/pwnwikizhchannel/510 2021-06-18 20:00:35+00:00|...

CVE-2020-29607

CVE-2020-29607 affects Pluck CMS prior to 4.7.13, where a file upload restriction bypass in the admin “manage files” functionality allows an authenticated admin to upload a payload and trigger remote code execution. Public references show an authenticated file-upload RCE exploit for Pluck 4.7.13 ...