← Back

Pluck Cms

pluck-cms

45 CVEs • 2 products

Products (2)

Click to collapse
Toggle
Pluck
pluck
43 CVEs
Pluckcms
pluckcms
2 CVEs

CVEs (45)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2014-8706
1Pluck Cms
1Pluck
May 13, 2026
Mar 17, 2017
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
Pluck CMS 4.7.2 allows remote attackers to obtain sensitive information by (1) changing "PHPSESSID" to an array; (2) adding non-alphanumeric chars to "PHPSESSID"; (3) changing the image parameter to an array; or (4) chan...Show more
Pluck CMS 4.7.2 allows remote attackers to obtain sensitive information by (1) changing "PHPSESSID" to an array; (2) adding non-alphanumeric chars to "PHPSESSID"; (3) changing the image parameter to an array; or (4) changing the image parameter to a string, which reveals the installation path in an error message.Show less
CVE-2012-1227
1Pluck Cms
1Pluck
Apr 29, 2026
Feb 21, 2012
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in pluck 4.7 allow remote attackers to hijack the authentication of admins for requests that (1) modify the admin email address or (2) modify the bl...Show more
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in pluck 4.7 allow remote attackers to hijack the authentication of admins for requests that (1) modify the admin email address or (2) modify the blog title via a settings action; (3) add a page via an editpage action, or (4) add a categorie via the blog module.Show less
CVE-2008-6842
1Pluck Cms
1Pluck
Apr 23, 2026
Jul 2, 2009
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Directory traversal vulnerability in data/modules/blog/module_pages_site.php in Pluck 4.6.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the post parameter.
CVE-2009-1765
1Pluck Cms
1Pluck
Apr 23, 2026
May 22, 2009
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Multiple directory traversal vulnerabilities in pluck 4.6.2, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langpref parameter to (1) data/...Show more
Multiple directory traversal vulnerabilities in pluck 4.6.2, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langpref parameter to (1) data/modules/contactform/module_info.php, (2) data/modules/blog/module_info.php, and (3) data/modules/albums/module_info.php, different vectors than CVE-2008-3194.Show less
CVE-2008-6253
1Pluck Cms
1Pluck
Apr 23, 2026
Feb 24, 2009
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Directory traversal vulnerability in data/inc/lib/pcltar.lib.php in Pluck 4.5.3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in...Show more
Directory traversal vulnerability in data/inc/lib/pcltar.lib.php in Pluck 4.5.3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the g_pcltar_lib_dir parameter.Show less