CVE-2020-20918

Name of the Vulnerable Software and Affected Versions Pluck CMS version 4.7.10-dev2

Description The issue allows a remote attacker to execute arbitrary php code via the hidden parameter to "admin.php" when editing a page.

Recommendations For Pluck CMS version 4.7.10-dev2, as a temporary workaround, consider restricting access to the "admin.php" endpoint or disabling the editing functionality until a patch is available. Avoid using the hidden parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.