Vulnerabilities > Pluck CMS

DATE CVE VULNERABILITY TITLE RISK
2019-07-16 CVE-2019-1010062 Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluckcms
PluckCMS 4.7.4 and earlier is affected by: CWE-434 Unrestricted Upload of File with Dangerous Type.
network
low complexity
pluck-cms CWE-434
7.5
2019-04-19 CVE-2019-11344 Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck 4.7.8
data/inc/files.php in Pluck 4.7.8 allows remote attackers to execute arbitrary code by uploading a .htaccess file that specifies SetHandler x-httpd-php for a .txt file, because only certain PHP-related filename extensions are blocked.
network
low complexity
pluck-cms CWE-434
7.5
2019-02-23 CVE-2019-9052 Cross-Site Request Forgery (CSRF) vulnerability in Pluck-Cms Pluck 4.7.9
An issue was discovered in Pluck 4.7.9-dev1.
network
pluck-cms CWE-352
5.8
2019-02-23 CVE-2019-9051 Cross-Site Request Forgery (CSRF) vulnerability in Pluck-Cms Pluck 4.7.9
An issue was discovered in Pluck 4.7.9-dev1.
network
pluck-cms CWE-352
5.8
2019-02-23 CVE-2019-9050 Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck 4.7.9
An issue was discovered in Pluck 4.7.9-dev1.
network
low complexity
pluck-cms CWE-434
6.5
2019-02-23 CVE-2019-9049 Cross-Site Request Forgery (CSRF) vulnerability in Pluck-Cms Pluck 4.7.9
An issue was discovered in Pluck 4.7.9-dev1.
network
pluck-cms CWE-352
5.8
2019-02-23 CVE-2019-9048 Cross-Site Request Forgery (CSRF) vulnerability in Pluck-Cms Pluck 4.7.9
An issue was discovered in Pluck 4.7.9-dev1.
network
pluck-cms CWE-352
5.8
2018-12-04 CVE-2018-16634 Cross-Site Request Forgery (CSRF) vulnerability in Pluck-Cms Pluck 4.7.7
Pluck v4.7.7 allows CSRF via admin.php?action=settings.
network
pluck-cms CWE-352
6.8
2018-12-04 CVE-2018-16633 Cross-site Scripting vulnerability in Pluck-Cms Pluck 4.7.7
Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page title.
network
pluck-cms CWE-79
3.5
2018-09-12 CVE-2018-16729 Cross-site Scripting vulnerability in Pluck-Cms Pluck 4.7.7
Pluck 4.7.7 allows XSS via an SVG file that contains Javascript in a SCRIPT element, and is uploaded via pages->manage under admin.php?action=files.
network
pluck-cms CWE-79
3.5