CVE-2023-50564
published 2023-12-14

Priority: P2 · 67 · high
CVSS 3.1: 8.8
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 29.07% (97.9th percentile)
An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP file.

Affected (1 range)

Vendor | Product | Version range | Fixed in
pluck-cms | pluck | |

Detection & IOCs (extracted from sources)

path: /inc/modules_install.php
path: /data/settings/pass.php
filename: exploit_pluckv4.7.18_RCE.py
filename: shell.php
  • Detect ZIP file uploads to the Pluck CMS module install endpoint /inc/modules_install.php — this is the attack vector for CVE-2023-50564 arbitrary file upload leading to RCE.
  • Monitor for POST requests to /inc/modules_install.php containing ZIP file uploads, especially from unauthenticated or newly authenticated sessions.
  • Alert on PHP webshell files (e.g., shell.php) appearing under the Pluck CMS web root following a ZIP upload to /inc/modules_install.php.
  • Pluck CMS credentials are stored as a SHA-512 hash in data/settings/pass.php; monitor for unauthorized access to this file path in version control systems or web-accessible directories.
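
The log-based checks in the bullets above, as an added example (not code from the advisory or from the Pluck project): it flags POSTs to /inc/modules_install.php, requests for /data/settings/pass.php, and first-seen .php paths answered with 200 shortly after such a POST. The combined log format, the 10-minute window, the sample log lines and the /example-module/ directory are assumptions constructed for illustration; access logs carry no request body, so every POST to the endpoint is flagged rather than only ZIP uploads.

```python
import re
from datetime import datetime, timedelta

INSTALL_PATH = "/inc/modules_install.php"  # endpoint named in the advisory
PASS_PATH = "/data/settings/pass.php"      # assumes the CMS sits at the site root
WINDOW = timedelta(minutes=10)             # assumption: upload-to-first-hit window

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample log; /example-module/ is a placeholder, not Pluck's layout.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Jan/2024:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120
203.0.113.9 - - [10/Jan/2024:10:02:11 +0000] "POST /inc/modules_install.php HTTP/1.1" 200 812
203.0.113.9 - - [10/Jan/2024:10:02:15 +0000] "GET /example-module/shell.php HTTP/1.1" 200 64
198.51.100.7 - - [10/Jan/2024:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 5120
203.0.113.9 - - [10/Jan/2024:10:03:30 +0000] "GET /data/settings/pass.php HTTP/1.1" 403 199
198.51.100.7 - - [10/Jan/2024:11:30:00 +0000] "GET /contact.php HTTP/1.1" 200 900
"""


def detect(log_text, window=WINDOW):
    """Return (rule, client_ip, path) alerts for the three log-visible signals."""
    alerts, seen_php, last_upload = [], set(), None
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        ip, path = m["ip"], m["uri"].split("?", 1)[0]
        is_php = path.endswith(".php")
        if m["method"] == "POST" and path == INSTALL_PATH:
            last_upload = ts
            alerts.append(("module_install_post", ip, path))
        elif path == PASS_PATH:
            alerts.append(("pass_file_request", ip, path))
        elif (is_php and path not in seen_php and m["status"] == "200"
              and last_upload is not None and ts - last_upload <= window):
            # A .php path never requested before, served right after an upload.
            alerts.append(("new_php_after_upload", ip, path))
        if is_php:
            seen_php.add(path)  # baseline of PHP paths already observed
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The new-path rule only sees files that are later requested over HTTP; pair it with file-integrity monitoring on the web root to catch a dropped file before its first request.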