fkie_cve-2023-25828
Vulnerability from fkie_nvd
Published
2023-03-27 17:15
Modified
2025-02-19 17:15
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Pluck CMS is vulnerable to an authenticated remote code execution (RCE) vulnerability through its “albums” module. Albums are used to create collections of images that can be inserted into web pages across the site. Albums allow the upload of various filetypes, which undergo a normalization process before being available on the site. Due to lack of file extension validation, it is possible to upload a crafted JPEG payload containing an embedded PHP web-shell. An attacker may navigate to it directly to achieve RCE on the underlying web server. Administrator credentials for the Pluck CMS web interface are required to access the albums module feature, and are thus required to exploit this vulnerability. CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C (8.2 High)
References
disclosure@synopsys.comhttps://www.synopsys.com/blogs/software-security/pluck-cms-vulnerability/Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.synopsys.com/blogs/software-security/pluck-cms-vulnerability/Patch, Third Party Advisory
Impacted products
Vendor Product Version
pluck-cms pluck *
pluck-cms pluck 4.7.16
pluck-cms pluck 4.7.16
pluck-cms pluck 4.7.16
pluck-cms pluck 4.7.16


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pluck-cms:pluck:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "68FEF945-EB20-4C8A-AE93-E8FBF280D3D1",
              "versionEndExcluding": "4.7.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pluck-cms:pluck:4.7.16:dev1:*:*:*:*:*:*",
              "matchCriteriaId": "202CB88D-BDA3-4F58-8CAB-6224367CA33B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pluck-cms:pluck:4.7.16:dev2:*:*:*:*:*:*",
              "matchCriteriaId": "6C20AFCB-BF33-42E3-A735-E0B7E9C6D4E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pluck-cms:pluck:4.7.16:dev3:*:*:*:*:*:*",
              "matchCriteriaId": "7CD1FF6D-A0F9-46CF-AF24-1CBC4F858D13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pluck-cms:pluck:4.7.16:dev4:*:*:*:*:*:*",
              "matchCriteriaId": "2A0E277D-0CB2-448C-9508-1E5719128EDC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\nPluck CMS is vulnerable to an authenticated remote code execution (RCE) vulnerability through its \u201calbums\u201d module. Albums are used to create collections of images that can be inserted into web pages across the site. Albums allow the upload of various filetypes, which undergo a normalization process before being available on the site. Due to lack of file extension validation, it is possible to upload a crafted JPEG payload containing an embedded PHP web-shell. An attacker may navigate to it directly to achieve RCE on the underlying web server. Administrator credentials for the Pluck CMS web interface are required to access the albums module feature, and are thus required to exploit this vulnerability. CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C (8.2 High)\n\n\n\n"
    }
  ],
  "id": "CVE-2023-25828",
  "lastModified": "2025-02-19T17:15:13.397",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-03-27T17:15:09.480",
  "references": [
    {
      "source": "disclosure@synopsys.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.synopsys.com/blogs/software-security/pluck-cms-vulnerability/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.synopsys.com/blogs/software-security/pluck-cms-vulnerability/"
    }
  ],
  "sourceIdentifier": "disclosure@synopsys.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "disclosure@synopsys.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.