Remote PHP Code Execution Vulnerability in Pluck CMS

Remote PHP Code Execution Vulnerability in Pluck CMS

CVE-2018-11331 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

An issue was discovered in Pluck before 4.7.6. Remote PHP code execution is possible because the set of disallowed filetypes for uploads in missing some applicable ones such as .phtml and .htaccess.

Learn more about our Web Application Penetration Testing UK.