jenaye/pligg

Releases0

Stars6

Remote command execution (Authenticated RCE)

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-25287 ↗	Sep 13, 2020Sunday, 13 September 2020, 18:15	7.2 HIGH	6.5 MEDIUM
Pligg 2.0.3 allows remote authenticated users to execute arbitrary commands because the template editor can edit any file, as demonstrated by an admin/admin_editor.php the_file=..%2Findex.php&open=Open request.