PluckCMS
by Pluck
Source repositories
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-20969 | 0.03 | — | 0.06 | Jun 20, 2023 | File Upload vulnerability in PluckCMS v.4.7.10 allows a remote attacker to execute arbitrary code via the trashcan_restoreitem.php file. | |||
| CVE-2020-20718 | 0.00 | — | 0.01 | Jun 20, 2023 | File Upload vulnerability in PluckCMS v.4.7.10 dev versions allows a remote attacker to execute arbitrary code via a crafted image file to the the save_file() parameter. | |||
| CVE-2019-1010062 | 0.00 | — | 0.02 | Jul 16, 2019 | PluckCMS 4.7.4 and earlier is affected by: CWE-434 Unrestricted Upload of File with Dangerous Type. The impact is: get webshell. The component is: data/inc/images.php line36. The attack vector is: modify the MIME TYPE on HTTP request to upload a php file. The fixed version is:… |
- CVE-2020-20969Jun 20, 2023risk 0.03cvss —epss 0.06
File Upload vulnerability in PluckCMS v.4.7.10 allows a remote attacker to execute arbitrary code via the trashcan_restoreitem.php file.
- CVE-2020-20718Jun 20, 2023risk 0.00cvss —epss 0.01
File Upload vulnerability in PluckCMS v.4.7.10 dev versions allows a remote attacker to execute arbitrary code via a crafted image file to the the save_file() parameter.
- CVE-2019-1010062Jul 16, 2019risk 0.00cvss —epss 0.02
PluckCMS 4.7.4 and earlier is affected by: CWE-434 Unrestricted Upload of File with Dangerous Type. The impact is: get webshell. The component is: data/inc/images.php line36. The attack vector is: modify the MIME TYPE on HTTP request to upload a php file. The fixed version is:…