A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remote code execution.

0xAbbarhSF/CVE-2020-29607

CVE-2020-29607-Exploit

Exploit Title: Pluck CMS 4.7.13 - File Upload Remote Code Execution (Authenticated)

CVE description:

A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remote code execution.

ExploitDB:

Exploit Description:

An authenticated attacker can upload a .phar file through http://IP/admin.php?action=files to gain a webshell.

Usage:

python3 exploit.py Target_IP Target_Port Username
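For defenders, the upload path described above leaves a recognizable trace in web server access logs: a POST to admin.php?action=files followed by a successful request for a .phar file. The following detection sketch is an added example, not code from this repository; it assumes common/combined log format, and the sample log lines, IP addresses and the /files/ path are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Common/combined log format: ip - user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_phar_upload_activity(lines):
    """Return (kind, ip, timestamp, target) tuples for suspicious requests."""
    findings = []
    uploaders = set()  # clients that POSTed to the "manage files" page
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        url = urlsplit(m["target"])
        path = url.path.lower()
        query = parse_qs(url.query)
        if (m["method"] == "POST" and path.endswith("/admin.php")
                and "files" in query.get("action", [])):
            uploaders.add(m["ip"])
            findings.append(("file-manager-upload", m["ip"], m["ts"], m["target"]))
        elif path.endswith(".phar") and m["status"] == "200":
            # A .phar served with 200 is the stronger signal; correlate with uploads.
            kind = "phar-served-to-uploader" if m["ip"] in uploaders else "phar-served"
            findings.append((kind, m["ip"], m["ts"], m["target"]))
    return findings

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Dec/2020:10:00:01 +0000] "GET /admin.php?action=files HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.7 - - [10/Dec/2020:10:00:05 +0000] "POST /admin.php?action=files HTTP/1.1" 200 5300 "-" "-"',
    '203.0.113.7 - - [10/Dec/2020:10:00:09 +0000] "GET /files/example.phar?x=1 HTTP/1.1" 200 42 "-" "-"',
    '198.51.100.4 - - [10/Dec/2020:10:01:00 +0000] "GET /index.php?file=home HTTP/1.1" 200 900 "-" "-"',
    '198.51.100.4 - - [10/Dec/2020:10:02:00 +0000] "GET /files/missing.phar HTTP/1.1" 404 150 "-" "-"',
]

if __name__ == "__main__":
    for finding in find_phar_upload_activity(SAMPLE_LOG):
        print(*finding, sep="  ")
```

A POST to the file manager is also normal admin activity, so treat that finding as context and the served .phar request as the lead to investigate.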
