An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.php allows remote attackers to upload and execute arbitrary PHP code by using the image/jpeg content type for a .htaccess file.
References
Link | Resource |
---|---|
https://github.com/pluck-cms/pluck/releases/tag/4.7.7-dev2 | Release Notes Third Party Advisory |
https://github.com/pluck-cms/pluck/issues/61 | Exploit Third Party Advisory |
Information
Published : 2018-06-04 23:29
Updated : 2018-07-23 06:23
NVD link : CVE-2018-11736
Mitre link : CVE-2018-11736
JSON object : View
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type
Products Affected
pluck-cms
- pluck