CVE-2020-29607

Published: Dec 16, 2020Modified: Apr 16, 2025

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remote code execution.

Affected (1)

Products: Pluck Cms: Pluck

Pluck Cms

1 product

Pluck

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Pluck Cms Pluck	Before 4.7.13

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (7)

http://packetstormsecurity.com/files/162785/Pluck-CMS-4.7.13-Remote-Shell-Upload.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://github.com/Hacker5preme/Exploits/tree/main/CVE-2020-29607-Exploit

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2020-29607.md

Source: cve@mitre.org

https://github.com/pluck-cms/pluck/issues/96

Source: cve@mitre.org

ExploitThird Party Advisory

http://packetstormsecurity.com/files/162785/Pluck-CMS-4.7.13-Remote-Shell-Upload.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://github.com/Hacker5preme/Exploits/tree/main/CVE-2020-29607-Exploit

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://github.com/pluck-cms/pluck/issues/96

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.