Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pluck vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2020-18198
Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote malicious users to execute arbitrary code and delete specific images via the component " /admin.php?action=images."
Pluck-cms Pluck 4.7.9
685
VMScore
CVE-2008-6253
Directory traversal vulnerability in data/inc/lib/pcltar.lib.php in Pluck 4.5.3, when register_globals is enabled, allows remote malicious users to include and execute arbitrary local files via directory traversal sequences in the g_pcltar_lib_dir parameter.
Pluck-cms Pluck 4.5.3
1 EDB exploit
445
VMScore
CVE-2014-8706
Pluck CMS 4.7.2 allows remote malicious users to obtain sensitive information by (1) changing "PHPSESSID" to an array; (2) adding non-alphanumeric chars to "PHPSESSID"; (3) changing the image parameter to an array; or (4) changing the image parameter to a stri...
Pluck-cms Pluck 4.7.2
668
VMScore
CVE-2014-8708
Pluck CMS 4.7.2 allows remote malicious users to execute arbitrary code via the blog form feature.
Pluck-cms Pluck 4.7.2
NA
CVE-2020-20918
An issue discovered in Pluck CMS v.4.7.10-dev2 allows a remote malicious user to execute arbitrary php code via the hidden parameter to admin.php when editing a page.
Pluck-cms Pluck 4.7.10
NA
CVE-2020-20919
File upload vulnerability in Pluck CMS v.4.7.10-dev2 allows a remote malicious user to execute arbitrary code and access sensitive information via the theme.php file.
Pluck-cms Pluck 4.7.10
383
VMScore
CVE-2012-0253
Multiple cross-site scripting (XSS) vulnerabilities in Demand Media Pluck SiteLife prior to 5.0.13 allow remote malicious users to inject arbitrary web script or HTML via (1) the jsonRequest parameter to Direct/Process, the (2) r or (3) cb parameter to Direct/jsonp.htm, or (4) th...
Demandmedia Pluck Sitelife
668
VMScore
CVE-2019-1010062
PluckCMS 4.7.4 and previous versions is affected by: CWE-434 Unrestricted Upload of File with Dangerous Type. The impact is: get webshell. The component is: data/inc/images.php line36. The attack vector is: modify the MIME TYPE on HTTP request to upload a php file. The fixed vers...
Pluck-cms Pluckcms
NA
CVE-2020-20718
File Upload vulnerability in PluckCMS v.4.7.10 dev versions allows a remote malicious user to execute arbitrary code via a crafted image file to the the save_file() parameter.
Pluck-cms Pluckcms 4.7.10
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5