Pluck@4.7.7 Security Vulnerabilities and Issues — Pluck@4.7.7 CVE List

Lucene search

Pluck-cmsPluck4.7.7

4 matches found

CVE•added 2018/06/05 6:29 a.m.•35 views

CVE-2018-11736

An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.php allows remote attackers to upload and execute arbitrary PHP code by using the image/jpeg content type for a .htaccess file.

9.8CVSS9.7AI score0.00864EPSS

CVE•added 2018/12/04 4:29 p.m.•35 views

CVE-2018-16634

Pluck v4.7.7 allows CSRF via admin.php?action=settings.

8.8CVSS8.7AI score0.00141EPSS

CVE•added 2018/09/12 4:29 p.m.•29 views

CVE-2018-16729

Pluck 4.7.7 allows XSS via an SVG file that contains Javascript in a SCRIPT element, and is uploaded via pages->manage under admin.php?action=files.

5.4CVSS5.2AI score0.00236EPSS

CVE•added 2018/12/04 4:29 p.m.•26 views

CVE-2018-16633

Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page title.

5.4CVSS5.2AI score0.00206EPSS