Remote PHP Code Execution Vulnerability in Pluck CMS
CVE-2018-11331 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
An issue was discovered in Pluck before 4.7.6. Remote PHP code execution is possible because the set of disallowed filetypes for uploads in missing some applicable ones such as .phtml and .htaccess.
Learn more about our Web Application Penetration Testing UK.