Description
An issue was discovered in Pluck before 4.7.6. Remote PHP code execution is possible because the set of disallowed filetypes for uploads is missing some applicable ones such as .phtml and .htaccess.
References
- Patch, Third Party Advisory
- Issue Tracking, Patch, Third Party Advisory
- Patch, Third Party Advisory
- Issue Tracking, Patch, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 4.7.6 (excluding)
cpe:2.3:a:pluck-cms:pluck:*:*:*:*:*:*:*:*
EPSS: 0.00741, percentile: 72%, Low
CVSS3: 9.8 Critical
CVSS2: 7.5 High
Weaknesses
CWE-434
Related vulnerabilities
CVSS3: 9.8
github
more than 3 years ago
An issue was discovered in Pluck before 4.7.6. Remote PHP code execution is possible because the set of disallowed filetypes for uploads is missing some applicable ones such as .phtml and .htaccess.