Show filters
7 Total Results
Displaying 1-7 of 7
Sort by:
Attacker Value
Unknown
CVE-2020-18198
Disclosure Date: May 17, 2021 (last updated February 22, 2025)
Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete specific images via the component " /admin.php?action=images."
0
Attacker Value
Unknown
CVE-2020-18195
Disclosure Date: May 17, 2021 (last updated February 22, 2025)
Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete a specific article via the component " /admin.php?action=page."
0
Attacker Value
Unknown
CVE-2019-9048
Disclosure Date: February 23, 2019 (last updated November 27, 2024)
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete a theme (aka topic) via a /admin.php?action=theme_delete&var1= URI.
0
Attacker Value
Unknown
CVE-2019-9050
Disclosure Date: February 23, 2019 (last updated November 27, 2024)
An issue was discovered in Pluck 4.7.9-dev1. It allows administrators to execute arbitrary code by using action=installmodule to upload a ZIP archive, which is then extracted and executed.
0
Attacker Value
Unknown
CVE-2019-9051
Disclosure Date: February 23, 2019 (last updated November 27, 2024)
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete articles via a /admin.php?action=deletepage&var1= URI.
0
Attacker Value
Unknown
CVE-2019-9049
Disclosure Date: February 23, 2019 (last updated November 27, 2024)
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete modules via a /admin.php?action=module_delete&var1= URI.
0
Attacker Value
Unknown
CVE-2019-9052
Disclosure Date: February 23, 2019 (last updated November 27, 2024)
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete pictures via a /admin.php?action=deleteimage&var1= URI.
0
