exploitDog

CVE-2021-31746

Опубликовано: 10 дек. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Zip Slip vulnerability in Pluck-CMS Pluck 4.7.15 allows an attacker to upload specially crafted zip files, resulting in directory traversal and potentially arbitrary code execution.

Ссылки

https://github.com/pluck-cms/pluck/issues/100
Exploit
Third Party Advisory
https://github.com/pluck-cms/pluck/issues/100
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pluck-cms:pluck:4.7.15:-:*:*:*:*:*:*

EPSS

Процентиль: 80%

0.01381

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-w37j-mvh3-43m8

github

около 4 лет назад

Zip Slip vulnerability in Pluck-CMS Pluck 4.7.15 allows an attacker to upload specially crafted zip files, resulting in directory traversal and potentially arbitrary code execution.

EPSS

Процентиль: 80%

0.01381

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-22