CVE-2020-29607
published 2020-12-16


Priority: P2 63 high
CVSS 3.1: 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
Exploit: public exploit available
EPSS: 33.43% (98.2th percentile)
A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remote code execution.

Affected

1 range
Vendor: pluck-cms
Product: pluck
Version range: < 4.7.13
Fixed in: 4.7.13

Detection & IOCs (extracted from sources)

Path: /admin.php?action=files
Path: /login.php
  • Monitor POST requests to /admin.php?action=files with a multipart/form-data content type carrying non-image/document file extensions (.phar, .php, etc.) as an indicator of exploitation.
  • The exploit uses a fixed multipart boundary string '5170699732428994785525662060', which can be used as a network signature to identify this specific exploit script in transit.
  • The vulnerability affects Pluck CMS versions BEFORE 4.7.13; however, the exploit-db PoC is titled and tested against 4.7.13 specifically — verify the exact patched version boundary when triaging.
  • Exploitation requires admin authentication — the attacker must first obtain valid admin credentials (or a session cookie) before uploading the webshell.
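The two network indicators above (upload to /admin.php?action=files with a disallowed extension, and the fixed PoC boundary) as a small request classifier, added here as an example and not code from the page or from Pluck. The allow-list of extensions, the HttpRequest record shape and the sample requests are constructed for the example; it goes slightly beyond the bullet by checking every dotted segment of a filename, so double-extension names like shell.php.jpg are flagged too.

```python
import re
from collections import namedtuple

# Allow-list of extensions a legitimate "manage files" upload is expected to carry.
# This list is an assumption for the example, not Pluck's own configuration.
ALLOWED_EXT = {"jpg", "jpeg", "png", "gif", "pdf", "txt", "zip", "doc", "docx"}
# Fixed multipart boundary used by the public PoC, as quoted on the page.
POC_BOUNDARY = "5170699732428994785525662060"
FILENAME_RE = re.compile(r'filename="([^"]*)"', re.IGNORECASE)
HttpRequest = namedtuple("HttpRequest", "method path content_type body")  # constructed record shape

def disallowed_filenames(body: str) -> list:
    """Filenames whose extension segments are not all allowed ('x.php.jpg' is flagged too)."""
    flagged = []
    for name in FILENAME_RE.findall(body):
        segments = name.lower().split(".")[1:]
        if not segments or any(seg not in ALLOWED_EXT for seg in segments):
            flagged.append(name)
    return flagged

def classify(req) -> list:
    """Detection reasons for one request; an empty list means nothing was flagged."""
    if req.method.upper() != "POST" or not req.path.startswith("/admin.php"):
        return []
    if "action=files" not in req.path or not req.content_type.lower().startswith("multipart/form-data"):
        return []
    reasons = []
    bad = disallowed_filenames(req.body)
    if bad:
        reasons.append("upload with disallowed extension: " + ", ".join(bad))
    if POC_BOUNDARY in req.content_type or POC_BOUNDARY in req.body:
        reasons.append("known PoC multipart boundary")
    return reasons

# Constructed sample traffic (not captured data): benign upload, PoC-style upload, unrelated GET.
SAMPLE = [
    HttpRequest("POST", "/admin.php?action=files", "multipart/form-data; boundary=----abc",
                'Content-Disposition: form-data; name="file"; filename="logo.png"'),
    HttpRequest("POST", "/admin.php?action=files", "multipart/form-data; boundary=" + POC_BOUNDARY,
                'Content-Disposition: form-data; name="file"; filename="shell.phar"'),
    HttpRequest("GET", "/login.php", "", ""),
]

def scan(requests=SAMPLE) -> dict:
    """Map request index to its reasons, for every request that was flagged."""
    return {i: classify(r) for i, r in enumerate(requests) if classify(r)}
```

Run over real traffic, the boundary check is the higher-confidence signal; the extension check alone also fires on legitimate admin uploads of unusual file types and should be tuned to the site's expected content.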

CVSS provenance

NVD, CVSS v3.1: 7.2 HIGH, CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
NVD, CVSS v2.0: 6.5 MEDIUM, AV:N/AC:L/Au:S/C:P/I:P/A:P