CVE-2020-18195

Name of the Vulnerable Software and Affected Versions: Pluck CMS version 4.7.9

Description: The issue allows remote attackers to execute arbitrary code and delete a specific article via the component "/admin.php?action=page". This is a Cross Site Request Forgery (CSRF) issue.

Recommendations: For Pluck CMS version 4.7.9, consider disabling access to the "/admin.php?action=page" component until a patch is available. Restrict access to the action parameter in the /admin.php endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.