Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for pluck-cms by Pluck

    CVE-2023-25828 (GCVE-0-2023-25828)

    Vulnerability from nvd – Published: 2023-03-27 16:35 – Updated: 2025-02-19 17:00
    VLAI
    Title
    Authenticate Remote Code Execution in Pluck CMS
    Summary
    Pluck CMS is vulnerable to an authenticated remote code execution (RCE) vulnerability through its “albums” module. Albums are used to create collections of images that can be inserted into web pages across the site. Albums allow the upload of various filetypes, which undergo a normalization process before being available on the site. Due to lack of file extension validation, it is possible to upload a crafted JPEG payload containing an embedded PHP web-shell. An attacker may navigate to it directly to achieve RCE on the underlying web server. Administrator credentials for the Pluck CMS web interface are required to access the albums module feature, and are thus required to exploit this vulnerability. CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C (8.2 High)
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Vendor Product Version
    Pluck pluck-cms Affected: 4.7 , ≤ 4.7.16-dev4 (custom)
    Create a notification for this product.
    Date Public
    2023-03-23 13:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:32:12.659Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.synopsys.com/blogs/software-security/pluck-cms-vulnerability/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.2,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-25828",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-19T16:58:52.517609Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-19T17:00:50.974Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "pluck-cms",
              "repo": "https://github.com/pluck-cms/pluck",
              "vendor": "Pluck",
              "versions": [
                {
                  "lessThanOrEqual": "4.7.16-dev4",
                  "status": "affected",
                  "version": "4.7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2023-03-23T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cp\u003ePluck CMS is vulnerable to an authenticated remote code execution (RCE) vulnerability through its \u201calbums\u201d module. Albums are used to create collections of images that can be inserted into web pages across the site. Albums allow the upload of various filetypes, which undergo a normalization process before being available on the site. Due to lack of file extension validation, it is possible to upload a crafted JPEG payload containing an embedded PHP web-shell. An attacker may navigate to it directly to achieve RCE on the underlying web server. Administrator credentials for the Pluck CMS web interface are required to access the albums module feature, and are thus required to exploit this vulnerability. CVSS:3.1/\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C (8.2 High)\u003c/span\u003e\u003c/p\u003e\n\n"
                }
              ],
              "value": "\nPluck CMS is vulnerable to an authenticated remote code execution (RCE) vulnerability through its \u201calbums\u201d module. Albums are used to create collections of images that can be inserted into web pages across the site. Albums allow the upload of various filetypes, which undergo a normalization process before being available on the site. Due to lack of file extension validation, it is possible to upload a crafted JPEG payload containing an embedded PHP web-shell. An attacker may navigate to it directly to achieve RCE on the underlying web server. Administrator credentials for the Pluck CMS web interface are required to access the albums module feature, and are thus required to exploit this vulnerability. CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C (8.2 High)\n\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-27T16:35:22.406Z",
            "orgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b",
            "shortName": "SNPS"
          },
          "references": [
            {
              "url": "https://www.synopsys.com/blogs/software-security/pluck-cms-vulnerability/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Authenticate Remote Code Execution in Pluck CMS",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b",
        "assignerShortName": "SNPS",
        "cveId": "CVE-2023-25828",
        "datePublished": "2023-03-27T16:35:22.406Z",
        "dateReserved": "2023-02-15T17:57:02.192Z",
        "dateUpdated": "2025-02-19T17:00:50.974Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-25828 (GCVE-0-2023-25828)

    Vulnerability from cvelistv5 – Published: 2023-03-27 16:35 – Updated: 2025-02-19 17:00
    VLAI
    Title
    Authenticate Remote Code Execution in Pluck CMS
    Summary
    Pluck CMS is vulnerable to an authenticated remote code execution (RCE) vulnerability through its “albums” module. Albums are used to create collections of images that can be inserted into web pages across the site. Albums allow the upload of various filetypes, which undergo a normalization process before being available on the site. Due to lack of file extension validation, it is possible to upload a crafted JPEG payload containing an embedded PHP web-shell. An attacker may navigate to it directly to achieve RCE on the underlying web server. Administrator credentials for the Pluck CMS web interface are required to access the albums module feature, and are thus required to exploit this vulnerability. CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C (8.2 High)
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Vendor Product Version
    Pluck pluck-cms Affected: 4.7 , ≤ 4.7.16-dev4 (custom)
    Create a notification for this product.
    Date Public
    2023-03-23 13:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:32:12.659Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.synopsys.com/blogs/software-security/pluck-cms-vulnerability/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.2,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-25828",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-19T16:58:52.517609Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-19T17:00:50.974Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "pluck-cms",
              "repo": "https://github.com/pluck-cms/pluck",
              "vendor": "Pluck",
              "versions": [
                {
                  "lessThanOrEqual": "4.7.16-dev4",
                  "status": "affected",
                  "version": "4.7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2023-03-23T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cp\u003ePluck CMS is vulnerable to an authenticated remote code execution (RCE) vulnerability through its \u201calbums\u201d module. Albums are used to create collections of images that can be inserted into web pages across the site. Albums allow the upload of various filetypes, which undergo a normalization process before being available on the site. Due to lack of file extension validation, it is possible to upload a crafted JPEG payload containing an embedded PHP web-shell. An attacker may navigate to it directly to achieve RCE on the underlying web server. Administrator credentials for the Pluck CMS web interface are required to access the albums module feature, and are thus required to exploit this vulnerability. CVSS:3.1/\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C (8.2 High)\u003c/span\u003e\u003c/p\u003e\n\n"
                }
              ],
              "value": "\nPluck CMS is vulnerable to an authenticated remote code execution (RCE) vulnerability through its \u201calbums\u201d module. Albums are used to create collections of images that can be inserted into web pages across the site. Albums allow the upload of various filetypes, which undergo a normalization process before being available on the site. Due to lack of file extension validation, it is possible to upload a crafted JPEG payload containing an embedded PHP web-shell. An attacker may navigate to it directly to achieve RCE on the underlying web server. Administrator credentials for the Pluck CMS web interface are required to access the albums module feature, and are thus required to exploit this vulnerability. CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C (8.2 High)\n\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-27T16:35:22.406Z",
            "orgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b",
            "shortName": "SNPS"
          },
          "references": [
            {
              "url": "https://www.synopsys.com/blogs/software-security/pluck-cms-vulnerability/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Authenticate Remote Code Execution in Pluck CMS",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b",
        "assignerShortName": "SNPS",
        "cveId": "CVE-2023-25828",
        "datePublished": "2023-03-27T16:35:22.406Z",
        "dateReserved": "2023-02-15T17:57:02.192Z",
        "dateUpdated": "2025-02-19T17:00:50.974Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }