Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pluck vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2021-31745
Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 allows an malicious user to sustain unauthorized access to the platform. Because Pluck does not invalidate prior sessions after a password change, access can be sustained even after an administrator performs re...
Pluck-cms Pluck 4.7.15
7.5
CVSSv2
CVE-2021-31746
Zip Slip vulnerability in Pluck-CMS Pluck 4.7.15 allows an malicious user to upload specially crafted zip files, resulting in directory traversal and potentially arbitrary code execution.
Pluck-cms Pluck 4.7.15
6.8
CVSSv2
CVE-2018-16634
Pluck v4.7.7 allows CSRF via admin.php?action=settings.
Pluck-cms Pluck 4.7.7
6.8
CVSSv2
CVE-2008-6253
Directory traversal vulnerability in data/inc/lib/pcltar.lib.php in Pluck 4.5.3, when register_globals is enabled, allows remote malicious users to include and execute arbitrary local files via directory traversal sequences in the g_pcltar_lib_dir parameter.
Pluck-cms Pluck 4.5.3
1 EDB exploit
6.8
CVSSv2
CVE-2009-1765
Multiple directory traversal vulnerabilities in pluck 4.6.2, when register_globals is enabled, allow remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the langpref parameter to (1) data/modules/contactform/module_info.php, (2) data/modules/...
Pluck-cms Pluck 4.6.2
1 EDB exploit
NA
CVE-2023-5013
A vulnerability has been found in Pluck CMS 4.7.18 and classified as problematic. This vulnerability affects unknown code of the file install.php of the component Installation Handler. The manipulation of the argument contents with the input <script>alert('xss')&l...
Pluck-cms Pluck 4.7.18
4.3
CVSSv2
CVE-2012-0253
Multiple cross-site scripting (XSS) vulnerabilities in Demand Media Pluck SiteLife prior to 5.0.13 allow remote malicious users to inject arbitrary web script or HTML via (1) the jsonRequest parameter to Direct/Process, the (2) r or (3) cb parameter to Direct/jsonp.htm, or (4) th...
Demandmedia Pluck Sitelife
7.5
CVSSv2
CVE-2019-1010062
PluckCMS 4.7.4 and previous versions is affected by: CWE-434 Unrestricted Upload of File with Dangerous Type. The impact is: get webshell. The component is: data/inc/images.php line36. The attack vector is: modify the MIME TYPE on HTTP request to upload a php file. The fixed vers...
Pluck-cms Pluckcms
NA
CVE-2020-20718
File Upload vulnerability in PluckCMS v.4.7.10 dev versions allows a remote malicious user to execute arbitrary code via a crafted image file to the the save_file() parameter.
Pluck-cms Pluckcms 4.7.10
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
spoof
CVE-2024-34928
CVE-2024-5291
deserialization
CVE-2024-4471
CVE-2024-4956
CVE-2024-32002
CVE-2024-5227
unspecified
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5