Vulnerability Details CVE-2018-11736
An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.php allows remote attackers to upload and execute arbitrary PHP code by using the image/jpeg content type for a .htaccess file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Products affected by CVE-2018-11736
- cpe:2.3:a:pluck-cms:pluck:4.3
- cpe:2.3:a:pluck-cms:pluck:4.5.1
- cpe:2.3:a:pluck-cms:pluck:4.5.2
- cpe:2.3:a:pluck-cms:pluck:4.5.3
- cpe:2.3:a:pluck-cms:pluck:4.6.1
- cpe:2.3:a:pluck-cms:pluck:4.6.2
- cpe:2.3:a:pluck-cms:pluck:4.7
- cpe:2.3:a:pluck-cms:pluck:4.7.2
- cpe:2.3:a:pluck-cms:pluck:4.7.3
- cpe:2.3:a:pluck-cms:pluck:4.7.4
- cpe:2.3:a:pluck-cms:pluck:4.7.5
- cpe:2.3:a:pluck-cms:pluck:4.7.6
- cpe:2.3:a:pluck-cms:pluck:4.7.7