- Author: Jack Potter
- Original discovery: Ashish Koli (Shikari)
- Version: 4.7.16
- CVE: CVE-2022-26965
- Example: python fullPluckStager.py -t 127.0.0.1 --password pass1 --theme /theme/bestfriends.tar.gz --shell /shell/shell.php -u /pluck-4.7.16-dev5
A theme upload functionality in Pluck CMS before 4.7.16 allows an admin-privileged user to gain access to the host through the "themes files", which may result in remote code execution. This rendition of the original exploit includes patches for problems I had when executing the script, and automatic theme shell injection.
j-4ck/PluckCMS