Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pluck-cms pluck vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2022-27432
A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows malicious users to change the password of any given user by exploiting this feature leading to account takeover.
Pluck-cms Pluck 4.7.15
7.5
CVSSv2
CVE-2019-1010062
PluckCMS 4.7.4 and previous versions is affected by: CWE-434 Unrestricted Upload of File with Dangerous Type. The impact is: get webshell. The component is: data/inc/images.php line36. The attack vector is: modify the MIME TYPE on HTTP request to upload a php file. The fixed vers...
Pluck-cms Pluckcms
NA
CVE-2020-20718
File Upload vulnerability in PluckCMS v.4.7.10 dev versions allows a remote malicious user to execute arbitrary code via a crafted image file to the the save_file() parameter.
Pluck-cms Pluckcms 4.7.10
5
CVSSv2
CVE-2008-3851
Multiple directory traversal vulnerabilities in Pluck CMS 4.5.2 on Windows allow remote malicious users to include and execute arbitrary local files via a ..\ (dot dot backslash) in the (1) blogpost, (2) cat, and (3) file parameters to data/inc/themes/predefined_variables.php, as...
Pluck Pluck 4.5.2
1 EDB exploit
6.8
CVSSv2
CVE-2008-3194
Multiple directory traversal vulnerabilities in data/inc/themes/predefined_variables.php in pluck 4.5.1 allow remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the (1) langpref, (2) file, (3) blogpost, or (4) cat parameter.
Pluck Pluck 4.5.1
1 EDB exploit
2.6
CVSSv2
CVE-2008-3574
Multiple cross-site scripting (XSS) vulnerabilities in Pluck 4.5.2, when register_globals is enabled, allow remote malicious users to inject arbitrary web script or HTML via the (1) lang_footer parameter to (a) data/inc/footer.php; the (2) pluck_version, (3) lang_install22, (4) t...
Pluck Pluck 4.5.2
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5