Headline
Pluck 4.7.18 Remote Shell Upload
Pluck version 4.7.18 appears to suffer from a remote shell upload vulnerability.
## Title: pluck-4.7.18 - FI + RCE.## Author: nu11secur1ty## Date: 07.19.2023## Vendor: https://github.com/pluck-cms/pluck/wiki## Software: https://github.com/pluck-cms/pluck## Reference: https://portswigger.net/daily-swig/rce## Reference: https://portswigger.net/web-security/file-upload## Description:The attacker who already has an account can upload a fake module tothe system and can execute the content from this moduleon the server. In this example, the attacker executes an info filefrom the already fake uploaded module and gets all information forthis system. This is a CRITICAL Vulnerability.The problem is that these developers are not making a strongsanitizing upload function and do not restrict the execution frominsideof the server.## Staus: HIGH Vulnerability[+]Exploit: prostak.php- - - NOTE: The attacker also can upload an EXE file, which file hecan execute or download!```php<?php// by nu11secur1ty - 2023 phpinfo();?>```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/pluck/2023/pluck-4.7.18)## Proof and Exploit[href](https://www.nu11secur1ty.com/2023/07/pluck-4718-fi-rce.html)## Time spend:00:35:00