CVE-2018-11736

An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.php allows remote attackers to upload and execute arbitrary PHP code by using the image/jpeg content type for a .htaccess file.
References
Link Resource
https://github.com/pluck-cms/pluck/releases/tag/4.7.7-dev2 Release Notes Third Party Advisory
https://github.com/pluck-cms/pluck/issues/61 Exploit Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:pluck-cms:pluck:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:pluck-cms:pluck:4.7.7:dev1:*:*:*:*:*:*

Information

Published : 2018-06-04 23:29

Updated : 2018-07-23 06:23


NVD link : CVE-2018-11736

Mitre link : CVE-2018-11736


JSON object : View

CWE
CWE-434

Unrestricted Upload of File with Dangerous Type

Advertisement

dedicated server usa

Products Affected

pluck-cms

  • pluck