A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remote code execution.
An authenticated attack can upload a .phar file by using http://IP/admin.php?action=files to gain a webshell.
- Vendor Homepage: Vendor Homepage: https://github.com/pluck-cms/pluck
- Software Link: https://github.com/pluck-cms/pluck/releases/tag/4.7.13
- Version: 4.7.13
- Tested on Xubuntu 20.04
python3 exploit.py Target_IP Target_Port Username
- 🕊️ Twitter: @0xAbbarhSF
