CVE-2018-11736

Published June 5th, 2018

View on NVD ↗

CVSS v3

N/A

CVSS v2

7.5

HIGH

Affected

PROJECT

Description

An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.php allows remote attackers to upload and execute arbitrary PHP code by using the image/jpeg content type for a .htaccess file.

pluck-cms/pluck

Central repo for pluck cms

GitHub