CVE-2020-20718: Malicious File Upload
First published: Tue Jun 20 2023(Updated: )
File Upload vulnerability in PluckCMS v.4.7.10 dev versions allows a remote attacker to execute arbitrary code via a crafted image file to the the save_file() parameter.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pluck CMS | =4.7.10-dev |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this PluckCMS vulnerability?
The vulnerability ID for this PluckCMS vulnerability is CVE-2020-20718.
What is the severity of CVE-2020-20718?
The severity of CVE-2020-20718 is critical with a CVSS score of 9.8.
How does the File Upload vulnerability in PluckCMS v.4.7.10 dev versions work?
The File Upload vulnerability in PluckCMS v.4.7.10 dev versions allows a remote attacker to execute arbitrary code by uploading a crafted image file using the 'save_file()' parameter.
Which versions of PluckCMS are affected by CVE-2020-20718?
Only PluckCMS v.4.7.10 dev versions are affected by CVE-2020-20718.
Is there a fix for CVE-2020-20718?
Yes, there is a fix available for CVE-2020-20718. It is recommended to update PluckCMS to a version that is not affected by this vulnerability.
- agent/type
- agent/softwarecombine
- agent/references
- agent/weakness
- agent/severity
- agent/remedy
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/pluck-cms
- canonical/pluck cms
- version/pluck cms/4.7.10-dev