File Upload Vulnerability in Pluck CMS by Pluck CMS
CVE-2020-21564

8.8HIGH

Key Information:

Vendor: Pluck-cms
Status: Pluck
Vendor: CVE Published:; 30 September 2020

What is CVE-2020-21564?

A file upload vulnerability has been identified in Pluck CMS versions 4.7.10-dev2 and 4.7.11. This security issue allows attackers to execute arbitrary commands remotely by exploiting the admin.php?action=files feature, which mishandles uploaded files. Proper sanitization and validation measures are critical to prevent unauthorized command execution that could compromise the integrity of the CMS.

References

https://github.com/pluck-cms/pluck/issues/83

x_refsource_MISC

https://github.com/pluck-cms/pluck/issues/91

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 30, 2020
Vulnerability Reserved
Aug 13, 2020

Pluck-cms

What is CVE-2020-21564?

References

CVSS V3.1

Timeline