An issue exists in Pluck prior to 4.7.6. Remote PHP code execution is possible because the set of disallowed filetypes for uploads in missing some applicable ones such as .phtml and .htaccess.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pluck-cms pluck |