Codeklaus

Name of the Vulnerable Software and Affected Versions: PluckCMS versions 4.7.4 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, potentially leading to the execution of a webshell. This is achieved by modifying the MIME TYPE in an HTTP request to upload a PHP file. The vulnerable component is located in data/inc/images.php at line 36. Recommendations: For PluckCMS versions 4.7.4 and earlier, update to a version after commit 09f0ab871bf633973cfd9fc4fe59d4a912397cf8 to resolve the issue. As a temporary workaround, consider restricting access to the data/inc/images.php file to minimize the risk of exploitation.