PT-2019-19335 · Pluck · Pluck

China-Eugene

·

Publicado

2019-02-23

·

Atualizado

2019-02-25

·

CVE-2019-9050

CVSS v3.1

7.2

Alta

VetorAV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Pluck version 4.7.9-dev1
Description An issue allows administrators to execute arbitrary code by using the action installmodule to upload a ZIP archive, which is then extracted and executed.
Recommendations For Pluck version 4.7.9-dev1, avoid using the action=installmodule parameter to upload ZIP archives until a fix is available. As a temporary workaround, consider restricting access to the module installation feature to minimize the risk of exploitation.

Exploit

Correção

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434

Identificadores relacionados

CVE-2019-9050

Produtos afetados

Pluck