ByteOS Network

NVD Vulnerability Details :

CVE-2018-11331

Analyzed

Source-cve@mitre.org

Published At-21 May, 2018 | 21:29

Updated At-22 Jun, 2018 | 13:36

An issue was discovered in Pluck before 4.7.6. Remote PHP code execution is possible because the set of disallowed filetypes for uploads in missing some applicable ones such as .phtml and .htaccess.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P

Type: Primary

Version: 3.0

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 7.5

Base severity: HIGH

Vector:

AV:N/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

pluck-cms>>pluck>>Versions before 4.7.6(exclusive)

cpe:2.3:a:pluck-cms:pluck:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-434	Primary	nvd@nist.gov

CWE ID: CWE-434

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://github.com/pluck-cms/pluck/commit/8f6541e60c9435e82e9c531a20cb3c218d36976e	cve@mitre.org	Patch Third Party Advisory
https://github.com/pluck-cms/pluck/issues/58	cve@mitre.org	Issue Tracking Patch Third Party Advisory

Hyperlink: https://github.com/pluck-cms/pluck/commit/8f6541e60c9435e82e9c531a20cb3c218d36976e

Source: cve@mitre.org

Resource:

Patch

Third Party Advisory

Hyperlink: https://github.com/pluck-cms/pluck/issues/58

Source: cve@mitre.org

Resource:

Issue Tracking

Patch

Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History