← voltar
CVE-2020-29607

CVE-2020-29607

EPSS 33.4%
A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remote code execution.
Produtos afetados
n/a · n/a
PoCs públicas encontradas7
githubgithub.com/abbarhissarh/CVE-2020-296076githubgithub.com/estebanzarate/CVE-2020-29607-Pluck-CMS-4.7.13-Authenticated-File-Upload-RCE-PoC1githubgithub.com/0xN7y/CVE-2020-296071githubgithub.com/Alienfader/CVE-2020-296070githubgithub.com/CaelumIsMe/CVE-2020-29607-POC0cve_referencepacketstormsecurity.com/files/162785/Pluck-CMS-4.7.13-Remote-Shell-Upload.htmlnão verificadoexploitdbwww.exploit-db.com/exploits/49909não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://packetstormsecurity.com/files/162785/Pluck-CMS-4.7.13-Remote-Shell-Upload.htmlhttps://github.com/Hacker5preme/Exploits/tree/main/CVE-2020-29607-Exploithttps://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2020-29607.mdhttps://github.com/pluck-cms/pluck/issues/96