6 matches found
EUVD-2019-3023
Malware in sbrugna...
CVE-2019-11344
data/inc/files.php in Pluck 4.7.8 allows remote attackers to execute arbitrary code by uploading a .htaccess file that specifies SetHandler x-httpd-php for a .txt file, because only certain PHP-related filename extensions are blocked...
Code injection
data/inc/files.php in Pluck 4.7.8 allows remote attackers to execute arbitrary code by uploading a .htaccess file that specifies SetHandler x-httpd-php for a .txt file, because only certain PHP-related filename extensions are blocked...
CVE-2019-11344
data/inc/files.php in Pluck 4.7.8 allows remote attackers to execute arbitrary code by uploading a .htaccess file that specifies SetHandler x-httpd-php for a .txt file, because only certain PHP-related filename extensions are blocked...
CVE-2019-11344
data/inc/files.php in Pluck 4.7.8 allows remote attackers to execute arbitrary code by uploading a .htaccess file that specifies SetHandler x-httpd-php for a .txt file, because only certain PHP-related filename extensions are blocked...
CVE-2019-11344
CVE-2019-11344 affects Pluck 4.7.8 where data/inc/files.php allows remote code execution by uploading a .htaccess that sets SetHandler x-httpd-php for a .txt file, bypassing blocked PHP-related filename extensions. This is documented across multiple feeds (NVD, Red Hat, OSV, CVE lists). Root caus...