CRITICAL🇬🇧 English

CVE-2018-11331

CVSS 9.8v3.0pub. 2018-05-21upd. 2024-11-21

An issue was discovered in Pluck before 4.7.6. Remote PHP code execution is possible because the set of disallowed filetypes for uploads in missing some applicable ones such as .phtml and .htaccess.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Pluck Cms Pluck

    APP
    Pluck-Cms
    < 4.7.6
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2024-43042CRITICAL9.8PL ✓ten sam produkt

Pluck CMS 4.7.18 — brak ograniczenia nieudanych prób logowania (brute force)

CVE-2021-31746CRITICAL9.8ten sam produkt

Zip Slip vulnerability in Pluck-CMS Pluck 4.7.15 allows an attacker to upload specially crafted zip files, res...

CVE-2020-20951CRITICAL9.8ten sam produkt

In Pluck-4.7.10-dev2 admin background, a remote command execution vulnerability exists when uploading files.

CVE-2019-11344CRITICAL9.8ten sam produkt

data/inc/files.php in Pluck 4.7.8 allows remote attackers to execute arbitrary code by uploading a .htaccess f...

CVE-2018-11736CRITICAL9.8ten sam produkt

An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.php allows remote attackers to upload and...