6 matches found

CVE
added 2019/04/19 7:29 p.m. | 34 views

CVE-2019-11344

data/inc/files.php in Pluck 4.7.8 allows remote attackers to execute arbitrary code by uploading a .htaccess file that specifies SetHandler x-httpd-php for a .txt file, because only certain PHP-related filename extensions are blocked.

CVSS 9.8 | AI score 9.7 | EPSS 0.02647
CVE
added 2019/02/23 7:29 p.m. | 34 views

CVE-2019-9051

An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete articles via a /admin.php?action=deletepage&var1= URI.

CVSS 6.5 | AI score 6.4 | EPSS 0.00117
CVE
added 2019/02/23 7:29 p.m. | 33 views

CVE-2019-9050

An issue was discovered in Pluck 4.7.9-dev1. It allows administrators to execute arbitrary code by using action=installmodule to upload a ZIP archive, which is then extracted and executed.

CVSS 7.2 | AI score 7.3 | EPSS 0.00943
CVE
added 2019/02/23 7:29 p.m. | 33 views

CVE-2019-9052

An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete pictures via a /admin.php?action=deleteimage&var1= URI.

CVSS 6.5 | AI score 6.4 | EPSS 0.00117
CVE
added 2019/02/23 7:29 p.m. | 31 views

CVE-2019-9048

An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete a theme (aka topic) via a /admin.php?action=theme_delete&var1= URI.

CVSS 6.5 | AI score 6.4 | EPSS 0.00117
CVE
added 2019/02/23 7:29 p.m. | 31 views

CVE-2019-9049

An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete modules via a /admin.php?action=module_delete&var1= URI.

CVSS 6.5 | AI score 6.4 | EPSS 0.00117