data/inc/files.php in Pluck 4.7.8 allows remote attackers to execute arbitrary code by uploading a .htaccess file that specifies SetHandler x-httpd-php for a .txt file, because only certain PHP-related filename extensions are blocked.
Max CVSS
9.8
EPSS Score
1.94%
Published
2019-04-19
Updated
2019-04-22
Pluck CMS 4.7.2 allows remote attackers to execute arbitrary code via the blog form feature.
Max CVSS
9.8
EPSS Score
2.11%
Published
2017-03-17
Updated
2017-03-20
2 vulnerabilities found