Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pluck-cms vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2008-6842
Directory traversal vulnerability in data/modules/blog/module_pages_site.php in Pluck 4.6.1 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the post parameter.
Pluck-cms Pluck 4.6.1
1 EDB exploit
NA
CVE-2020-20718
File Upload vulnerability in PluckCMS v.4.7.10 dev versions allows a remote malicious user to execute arbitrary code via a crafted image file to the the save_file() parameter.
Pluck-cms Pluckcms 4.7.10
NA
CVE-2020-20919
File upload vulnerability in Pluck CMS v.4.7.10-dev2 allows a remote malicious user to execute arbitrary code and access sensitive information via the theme.php file.
Pluck-cms Pluck 4.7.10
7.5
CVSSv2
CVE-2020-20951
In Pluck-4.7.10-dev2 admin background, a remote command execution vulnerability exists when uploading files.
Pluck-cms Pluck 4.7.10
NA
CVE-2020-20969
File Upload vulnerability in PluckCMS v.4.7.10 allows a remote malicious user to execute arbitrary code via the trashcan_restoreitem.php file.
Pluck-cms Pluck 4.7.10
3.5
CVSSv2
CVE-2018-16633
Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page title.
Pluck-cms Pluck 4.7.7
3.5
CVSSv2
CVE-2018-16729
Pluck 4.7.7 allows XSS via an SVG file that contains Javascript in a SCRIPT element, and is uploaded via pages->manage under admin.php?action=files.
Pluck-cms Pluck 4.7.7
4.3
CVSSv2
CVE-2020-24740
An issue exists in Pluck 4.7.10-dev2. There is a CSRF vulnerability that can editpage via a /admin.php?action=editpage
Pluck-cms Pluck 4.7.10
NA
CVE-2023-50564
An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows malicious users to execute arbitrary code via uploading a crafted ZIP file.
Pluck-cms Pluck 4.7.18
6.8
CVSSv2
CVE-2009-1765
Multiple directory traversal vulnerabilities in pluck 4.6.2, when register_globals is enabled, allow remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the langpref parameter to (1) data/modules/contactform/module_info.php, (2) data/modules/...
Pluck-cms Pluck 4.6.2
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377
CVE-2024-20859
CVE-2023-49606
inject
arbitrary
CVE-2024-33788
CVE-2024-30973
IDOR
CVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »