Directory traversal vulnerability in data/inc/lib/pcltar.lib.php in Pluck 4.5.3, when register_globals is enabled, allows remote malicious users to include and execute arbitrary local files via directory traversal sequences in the g_pcltar_lib_dir parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pluck-cms pluck 4.5.3 |