Lucene search

Pluck-cms Pluck

7 matches found

CVE
added 2024/08/16 8:15 p.m., 48 views

CVE-2024-43042

Pluck CMS 4.7.18 does not restrict failed login attempts, allowing attackers to execute a brute force attack.

CVSS 9.8 | AI score 6.9 | EPSS 0.00222

CVE
added 2018/06/05 6:29 a.m., 35 views

CVE-2018-11736

An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.php allows remote attackers to upload and execute arbitrary PHP code by using the image/jpeg content type for a .htaccess file.

CVSS 9.8 | AI score 9.7 | EPSS 0.00864

CVE
added 2019/04/19 7:29 p.m., 34 views

CVE-2019-11344

data/inc/files.php in Pluck 4.7.8 allows remote attackers to execute arbitrary code by uploading a .htaccess file that specifies SetHandler x-httpd-php for a .txt file, because only certain PHP-related filename extensions are blocked.

CVSS 9.8 | AI score 9.7 | EPSS 0.02647

CVE
added 2021/12/10 6:15 p.m., 33 views

CVE-2021-31746

Zip Slip vulnerability in Pluck-CMS Pluck 4.7.15 allows an attacker to upload specially crafted zip files, resulting in directory traversal and potentially arbitrary code execution.

CVSS 9.8 | AI score 9.7 | EPSS 0.01381

CVE
added 2018/05/21 9:29 p.m., 32 views

CVE-2018-11331

An issue was discovered in Pluck before 4.7.6. Remote PHP code execution is possible because the set of disallowed filetypes for uploads is missing some applicable ones such as .phtml and .htaccess.

CVSS 9.8 | AI score 9.8 | EPSS 0.0078

CVE
added 2021/05/18 4:15 p.m., 30 views

CVE-2020-20951

In Pluck-4.7.10-dev2 admin background, a remote command execution vulnerability exists when uploading files.

CVSS 9.8 | AI score 9.5 | EPSS 0.07171

CVE
added 2017/03/17 2:59 p.m., 29 views

CVE-2014-8708

Pluck CMS 4.7.2 allows remote attackers to execute arbitrary code via the blog form feature.

CVSS 9.8 | AI score 9.7 | EPSS 0.02919