Pluck 4.7.18 Remote Shell Upload

## Title: pluck-4.7.18 - FI + RCE.## Author: nu11secur1ty## Date: 07.19.2023## Vendor: https://github.com/pluck-cms/pluck/wiki## Software: https://github.com/pluck-cms/pluck## Reference: https://portswigger.net/daily-swig/rce## Reference: https://portswigger.net/web-security/file-upload## Description:The attacker who already has an account can upload a fake module tothe system and can execute the content from this moduleon the server. In this example, the attacker executes an info filefrom the already fake uploaded module and gets all information forthis system. This is a CRITICAL Vulnerability.The problem is that these developers are not making a strongsanitizing upload function and do not restrict the execution frominsideof the server.## Staus: HIGH Vulnerability[+]Exploit: prostak.php- - - NOTE: The attacker also can upload an EXE file, which file hecan execute or download!```php<?php// by nu11secur1ty - 2023  phpinfo();?>```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/pluck/2023/pluck-4.7.18)## Proof and Exploit[href](https://www.nu11secur1ty.com/2023/07/pluck-4718-fi-rce.html)## Time spend:00:35:00