Show filters
4 Total Results
Displaying 1-4 of 4
Sort by:
Attacker Value
Unknown

CVE-2018-16633

Disclosure Date: December 04, 2018 (last updated November 27, 2024)
Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page title.
0
0
Attacker Value
Unknown

CVE-2018-16634

Disclosure Date: December 04, 2018 (last updated November 27, 2024)
Pluck v4.7.7 allows CSRF via admin.php?action=settings.
0
0
Attacker Value
Unknown

CVE-2018-16729

Disclosure Date: September 12, 2018 (last updated November 27, 2024)
Pluck 4.7.7 allows XSS via an SVG file that contains Javascript in a SCRIPT element, and is uploaded via pages->manage under admin.php?action=files.
0
0
Attacker Value
Unknown

CVE-2018-11736

Disclosure Date: June 05, 2018 (last updated November 26, 2024)
An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.php allows remote attackers to upload and execute arbitrary PHP code by using the image/jpeg content type for a .htaccess file.
0
0