Shodan
Vulnerabilities
Vulnerable Software
Pluck-Cms:  Security Vulnerabilities
CVE-2020-18198
Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete specific images via the component " /admin.php?action=images."
CVSS Score
8.8
EPSS Score
0.003
Published
2021-05-17
CVE-2020-29607
A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remote code execution.
CVSS Score
7.2
EPSS Score
0.755
Published
2020-12-16
CVE-2020-21564
An issue was discovered in Pluck CMS 4.7.10-dev2 and 4.7.11. There is a file upload vulnerability that can cause a remote command execution via admin.php?action=files.
CVSS Score
8.8
EPSS Score
0.038
Published
2020-09-30
CVE-2019-1010062
PluckCMS 4.7.4 and earlier is affected by: CWE-434 Unrestricted Upload of File with Dangerous Type. The impact is: get webshell. The component is: data/inc/images.php line36. The attack vector is: modify the MIME TYPE on HTTP request to upload a php file. The fixed version is: after commit 09f0ab871bf633973cfd9fc4fe59d4a912397cf8.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-07-16
CVE-2019-11344
data/inc/files.php in Pluck 4.7.8 allows remote attackers to execute arbitrary code by uploading a .htaccess file that specifies SetHandler x-httpd-php for a .txt file, because only certain PHP-related filename extensions are blocked.
CVSS Score
9.8
EPSS Score
0.026
Published
2019-04-19
CVE-2019-9048
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete a theme (aka topic) via a /admin.php?action=theme_delete&var1= URI.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-02-23
CVE-2019-9049
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete modules via a /admin.php?action=module_delete&var1= URI.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-02-23
CVE-2019-9050
An issue was discovered in Pluck 4.7.9-dev1. It allows administrators to execute arbitrary code by using action=installmodule to upload a ZIP archive, which is then extracted and executed.
CVSS Score
7.2
EPSS Score
0.009
Published
2019-02-23
CVE-2019-9051
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete articles via a /admin.php?action=deletepage&var1= URI.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-02-23
CVE-2019-9052
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete pictures via a /admin.php?action=deleteimage&var1= URI.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-02-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved