An issue exists in Pluck prior to 4.7.7-dev2. /data/inc/images.php allows remote malicious users to upload and execute arbitrary PHP code by using the image/jpeg content type for a .htaccess file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pluck-cms pluck |
||
pluck-cms pluck 4.7.7 |