| |
Vulnerability CVE-2020-29607
Published: 2020-12-16
| Description: |
A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remote code execution. |
See advisories in our WLB2 database: | Topic | Author | Date |
High |
| Ron Jost (Hacker... | 26.05.2021 |
Type:
CWE-434 (Unrestricted Upload of File with Dangerous Type)
CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
6.5/10 |
6.4/10 |
8/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
Single time |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
Partial |
Partial |
References: |
https://github.com/pluck-cms/pluck/issues/96
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
