Description:- HTML injection is a type of injection issue that occurs when a user is able to control an input point and is able to inject arbitrary HTML code into a vulnerable web page. This vulnerability can have many consequences, like disclosure of a user's session cookies that could be used to impersonate the victim, or, more generally, it can allow the attacker to modify the page content seen by the victims.
Vulnerability Name:- HTML Injection
Vulnerable URL:- http://localhost/pluckmaster/pluckmaster/files/html injection.html

Discovered by: BreachLock

Website: https://www.breachlock.com

Author: Rahul Kumar Rai

Proof of concept:
Step1: Login into the pluck-master using the admin role.
Step2: Go to the pages option and click there, you will get an option of manage files. Then browse the .html extension file where the crafted code is written inside. Then click on upload.

Step3: After uploading a file, just click on the search box. It is shown below.

Step4: Here .html file will be executed.

Here is the html code:-

HACKED BY BREACHLOCK

I WANT TO BACK FREE

If you login as admin, you can completely deface the website without any code at all.

As miwebguy states, this is not an exploit... this is like saying if I have your car keys I can crash your car into a tree..