CVE-2023-50564
Published: 2023-12-14
Priority: P267 · Severity: high · CVSS 3.1: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS: 29.07% (97.9th percentile)
An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP file.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pluck-cms | pluck | — | — |
Detection & IOCs (extracted from sources)
- Detect ZIP file uploads to the Pluck CMS module install endpoint /inc/modules_install.php; this is the attack vector for the CVE-2023-50564 arbitrary file upload leading to RCE.
- Monitor for POST requests to /inc/modules_install.php containing ZIP file uploads, especially from unauthenticated or newly authenticated sessions.
- Alert on PHP webshell files (e.g., shell.php) appearing under the Pluck CMS web root following a ZIP upload to /inc/modules_install.php.
- Pluck CMS credentials are stored as a SHA-512 hash in data/settings/pass.php; monitor for unauthorized access to this file path in version control systems or web-accessible directories.
No detection rules found.
No public exploits indexed.
arXiv · arxiv_fulltext · 2025-10-13
PACEbench: A Framework for Evaluating Practical AI Cyber-Exploitation Capabilities
## Abstract
The increasing autonomy of Large Language Models (LLMs) necessitates a rigorous evaluation of their potential to aid in cyber offense. Existing benchmarks often lack real-world complexity and are thus unable to accurately assess LLMs' cybersecurity capabilities. To address this gap, we introduce PACEbench, a practical AI cyber-exploitation benchmark built on the principles of realistic vulnerability difficulty, environmental complexity, and cyber defenses. Specifically, PACEbench comprises four scenarios spanning single, blended, chained, and defense vulnerability exploitations. To handle these complex challenges, we propose PACEagent, a novel agent that emulates human penetration testers by supporting multi-phase reconnaissance, analysis, and exploitation.
Extensive ex
CTF · ctf_writeups · CVSS 8.8 · CVE-2023-50564 [HIGH]
GreenHorn / README
# GreenHorn - HackTheBox - Writeup
Linux, 20 Base Points, Easy
## Machine
## TL;DR
To solve this machine, we start by using `nmap` to enumerate open services and find ports `22`, `80`, and `3000`.
***User***: Discovered `pluck` on port `80` and `gitea` on port `3000`. Retrieved `pluck` credentials from the `gitea` repository. Exploited `CVE-2023-50564` to achieve RCE as `www-data`, then reused the `pluck` password to escalate to the `junior` user.
***Root***: Found a PDF containing a pixelated password. Used the `depix` tool to recover the password.
## GreenHorn Solution
### User
Let's begin by using `nmap` to scan the target machine:
```console
┌─[evyatar9@parrot]─[/hackthebox/GreenHorn]
└──╼ $ nmap -sV -sC -oA nmap/GreenHorn 10.10.11.25
Starting Nmap 7.93 ( https://nmap.org )
```
CTF · ctf_writeups · CVSS 6.0 [MEDIUM]
easy / README
---
layout: default
title: Easy Machines
parent: Machines
nav_order: 1
description: "120+ Easy HTB machine writeups with walkthroughs"
permalink: /machines/easy/
---
# HackTheBox Easy Machines - Comprehensive Reference
> Complete catalog of retired HTB Easy machines with OS, key vulnerability, attack path summary, and quality writeup links.
**Total: 100+ Easy Machines** | Updated: April 2026
---
## Quick Navigation
- [Classic / Legacy Machines (2017-2019)](#classic--legacy-machines-2017-2019)
- [2019-2020 Machines](#2019-2020-machines)
- [2021 Machines](#2021-machines)
- [2022 Machines](#2022-machines)
- [2023 Machines](#2023-machines)
- [2024 Machines (Season 4 & 5)](#2024-machines-season-4--5)
- [2025-2026 Machines (Season 6+)](#2025-2026-machines-season-6)
---
## Classic / Legac