CVE-2018-11331

An issue was discovered in Pluck before 4.7.6. Remote PHP code execution is possible because the set of disallowed filetypes for uploads in missing some applicable ones such as .phtml and .htaccess.
References
Link Resource
https://github.com/pluck-cms/pluck/commit/8f6541e60c9435e82e9c531a20cb3c218d36976e Patch Third Party Advisory
https://github.com/pluck-cms/pluck/issues/58 Issue Tracking Patch Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:pluck-cms:pluck:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-05-21 21:29

Updated : 2024-02-28 16:25


NVD link : CVE-2018-11331

Mitre link : CVE-2018-11331

CVE.ORG link : CVE-2018-11331


JSON object : View

Products Affected

pluck-cms

  • pluck
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type