CVE-2020-29607: Malicious File Upload
First published: Wed Dec 16 2020(Updated: )
A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remote code execution.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pluck CMS | <4.7.13 | |
| <4.7.13 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Pluck CMS vulnerability?
The vulnerability ID for this Pluck CMS vulnerability is CVE-2020-29607.
What is the severity of CVE-2020-29607?
The severity of CVE-2020-29607 is high with a CVSS score of 7.2.
How does the vulnerability in Pluck CMS before 4.7.13 affect the software?
The vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to bypass file upload restrictions and potentially gain remote code execution.
How can an admin privileged user exploit this vulnerability?
An admin privileged user can exploit this vulnerability by using the 'manage files' functionality to bypass file upload restrictions and potentially execute remote code.
Is there a fix available for CVE-2020-29607 in Pluck CMS?
Yes, updating to Pluck CMS version 4.7.13 or above will fix the vulnerability.
- agent/type
- agent/severity
- agent/author
- agent/weakness
- agent/first-publish-date
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- agent/references
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- agent/event
- vendor/pluck-cms
- canonical/pluck cms