← volver
CVE-2020-29607

CVE-2020-29607

EPSS 33.4%
A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remote code execution.
Productos afectados
n/a · n/a
PoCs públicas encontradas7
githubgithub.com/abbarhissarh/CVE-2020-296076githubgithub.com/estebanzarate/CVE-2020-29607-Pluck-CMS-4.7.13-Authenticated-File-Upload-RCE-PoC1githubgithub.com/0xN7y/CVE-2020-296071githubgithub.com/Alienfader/CVE-2020-296070githubgithub.com/CaelumIsMe/CVE-2020-29607-POC0cve_referencepacketstormsecurity.com/files/162785/Pluck-CMS-4.7.13-Remote-Shell-Upload.htmlno verificadoexploitdbwww.exploit-db.com/exploits/49909no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://packetstormsecurity.com/files/162785/Pluck-CMS-4.7.13-Remote-Shell-Upload.htmlhttps://github.com/Hacker5preme/Exploits/tree/main/CVE-2020-29607-Exploithttps://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2020-29607.mdhttps://github.com/pluck-cms/pluck/issues/96