2 matches found
CVE-2023-25828 Authenticate Remote Code Execution in Pluck CMS
Pluck CMS is vulnerable to an authenticated remote code execution RCE vulnerability through its “albums” module. Albums are used to create collections of images that can be inserted into web pages across the site. Albums allow the upload of various filetypes, which undergo a normalization process...
CVE-2023-25828
Pluck CMS (authenticated) is vulnerable to remote code execution via the albums module. A lack of file extension validation allows uploading a crafted JPEG payload containing an embedded PHP web-shell, which an authenticated admin can access to achieve RCE on the web server. Affected: Pluck CMS a...