) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- CPE Product Version: cpe:/a:pluck-cms:pluck:4.7.9:dev1
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2019-9052 |
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete pictures via a /admin.php?action=deleteimage&var1= URI. Published: February 23, 2019; 2:29:00 PM -0500 |
V3.0: 6.5 MEDIUM V2.0: 5.8 MEDIUM |
| CVE-2019-9051 |
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete articles via a /admin.php?action=deletepage&var1= URI. Published: February 23, 2019; 2:29:00 PM -0500 |
V3.0: 6.5 MEDIUM V2.0: 5.8 MEDIUM |
| CVE-2019-9050 |
An issue was discovered in Pluck 4.7.9-dev1. It allows administrators to execute arbitrary code by using action=installmodule to upload a ZIP archive, which is then extracted and executed. Published: February 23, 2019; 2:29:00 PM -0500 |
V3.0: 7.2 HIGH V2.0: 6.5 MEDIUM |
| CVE-2019-9049 |
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete modules via a /admin.php?action=module_delete&var1= URI. Published: February 23, 2019; 2:29:00 PM -0500 |
V3.0: 6.5 MEDIUM V2.0: 5.8 MEDIUM |
| CVE-2019-9048 |
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete a theme (aka topic) via a /admin.php?action=theme_delete&var1= URI. Published: February 23, 2019; 2:29:00 PM -0500 |
V3.0: 6.5 MEDIUM V2.0: 5.8 MEDIUM |