CVE-2023-27083 - OpenCVE

An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev5 allows remote attackers to run arbitrary code via manage file functionality.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Pluck-cms	Pluck

Configuration 1 [-]

OR	cpe:2.3:a:pluck-cms:pluck::::::::
	cpe:2.3:a:pluck-cms:pluck:4.7.16:-::::::
	cpe:2.3:a:pluck-cms:pluck:4.7.16:dev1::::::
	cpe:2.3:a:pluck-cms:pluck:4.7.16:dev2::::::
	cpe:2.3:a:pluck-cms:pluck:4.7.16:dev3::::::
	cpe:2.3:a:pluck-cms:pluck:4.7.16:dev4::::::
	cpe:2.3:a:pluck-cms:pluck:4.7.16:dev5::::::

References

Link	Resource
https://medium.com/%40syed.pentester/authenticated-remote-code-execution-rce-on-pluckcms-4-7-15-c309ac1bd145

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-06-22T00:00:00

Updated: 2023-06-22T00:00:00

Reserved: 2023-02-27T00:00:00

Link: CVE-2023-27083

JSON object: View

NVD Information

Status : Modified

Published: 2023-06-22T20:15:09.213

Modified: 2023-11-07T04:09:49.890

Link: CVE-2023-27083

JSON object: View

Redhat Information

No data.

CWE

CWE-434

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pluck-cms:pluck:*:*:*:*:*:*:*:*", "matchCriteriaId": "B41F06FF-81EC-4D18-A140-9E23D3D2A24F", "versionEndExcluding": "4.7.16", "versionStartIncluding": "4.7.15", "vulnerable": true}, {"criteria": "cpe:2.3:a:pluck-cms:pluck:4.7.16:-:*:*:*:*:*:*", "matchCriteriaId": "B69F46BD-10D8-497D-81FB-AF7A5B1FC55A", "vulnerable": true}, {"criteria": "cpe:2.3:a:pluck-cms:pluck:4.7.16:dev1:*:*:*:*:*:*", "matchCriteriaId": "202CB88D-BDA3-4F58-8CAB-6224367CA33B", "vulnerable": true}, {"criteria": "cpe:2.3:a:pluck-cms:pluck:4.7.16:dev2:*:*:*:*:*:*", "matchCriteriaId": "6C20AFCB-BF33-42E3-A735-E0B7E9C6D4E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:pluck-cms:pluck:4.7.16:dev3:*:*:*:*:*:*", "matchCriteriaId": "7CD1FF6D-A0F9-46CF-AF24-1CBC4F858D13", "vulnerable": true}, {"criteria": "cpe:2.3:a:pluck-cms:pluck:4.7.16:dev4:*:*:*:*:*:*", "matchCriteriaId": "2A0E277D-0CB2-448C-9508-1E5719128EDC", "vulnerable": true}, {"criteria": "cpe:2.3:a:pluck-cms:pluck:4.7.16:dev5:*:*:*:*:*:*", "matchCriteriaId": "B63818E7-30A0-4BEE-93B7-5B4942C4DD91", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev5 allows remote attackers to run arbitrary code via manage file functionality."}], "id": "CVE-2023-27083", "lastModified": "2023-11-07T04:09:49.890", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-06-22T20:15:09.213", "references": [{"source": "cve@mitre.org", "url": "https://medium.com/%40syed.pentester/authenticated-remote-code-execution-rce-on-pluckcms-4-7-15-c309ac1bd145"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}]}