CVE-2020-21564

Опубликовано: 30 сент. 2020

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

An issue was discovered in Pluck CMS 4.7.10-dev2 and 4.7.11. There is a file upload vulnerability that can cause a remote command execution via admin.php?action=files.

Ссылки

https://github.com/pluck-cms/pluck/issues/83
Exploit
Third Party Advisory
https://github.com/pluck-cms/pluck/issues/91
Exploit
Issue Tracking
Third Party Advisory
https://github.com/pluck-cms/pluck/issues/83
Exploit
Third Party Advisory
https://github.com/pluck-cms/pluck/issues/91
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:pluck-cms:pluck:4.7.10:dev2:*:*:*:*:*:*

cpe:2.3:a:pluck-cms:pluck:4.7.11:*:*:*:*:*:*:*

EPSS

Процентиль: 88%

0.03726

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-8x34-hcfv-c7qh

github

больше 3 лет назад

An issue was discovered in Pluck CMS v4.7.11. There is a file upload vulnerability that can cause a remote command execution via admin.php?action=files.