FKIE_CVE-2023-25828

Vulnerability from fkie_nvd - Published: 2023-03-27 17:15 - Updated: 2025-02-19 17:15
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Pluck CMS is vulnerable to an authenticated remote code execution (RCE) vulnerability through its “albums” module. Albums are used to create collections of images that can be inserted into web pages across the site. Albums allow the upload of various filetypes, which undergo a normalization process before being available on the site. Due to lack of file extension validation, it is possible to upload a crafted JPEG payload containing an embedded PHP web-shell. An attacker may navigate to it directly to achieve RCE on the underlying web server. Administrator credentials for the Pluck CMS web interface are required to access the albums module feature, and are thus required to exploit this vulnerability. CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C (8.2 High)
References
disclosure@synopsys.comhttps://www.synopsys.com/blogs/software-security/pluck-cms-vulnerability/Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.synopsys.com/blogs/software-security/pluck-cms-vulnerability/Patch, Third Party Advisory
Impacted products
Vendor Product Version
pluck-cms pluck *
pluck-cms pluck 4.7.16
pluck-cms pluck 4.7.16
pluck-cms pluck 4.7.16
pluck-cms pluck 4.7.16
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pluck-cms:pluck:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "68FEF945-EB20-4C8A-AE93-E8FBF280D3D1",
              "versionEndExcluding": "4.7.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pluck-cms:pluck:4.7.16:dev1:*:*:*:*:*:*",
              "matchCriteriaId": "202CB88D-BDA3-4F58-8CAB-6224367CA33B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pluck-cms:pluck:4.7.16:dev2:*:*:*:*:*:*",
              "matchCriteriaId": "6C20AFCB-BF33-42E3-A735-E0B7E9C6D4E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pluck-cms:pluck:4.7.16:dev3:*:*:*:*:*:*",
              "matchCriteriaId": "7CD1FF6D-A0F9-46CF-AF24-1CBC4F858D13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pluck-cms:pluck:4.7.16:dev4:*:*:*:*:*:*",
              "matchCriteriaId": "2A0E277D-0CB2-448C-9508-1E5719128EDC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\nPluck CMS is vulnerable to an authenticated remote code execution (RCE) vulnerability through its \u201calbums\u201d module. Albums are used to create collections of images that can be inserted into web pages across the site. Albums allow the upload of various filetypes, which undergo a normalization process before being available on the site. Due to lack of file extension validation, it is possible to upload a crafted JPEG payload containing an embedded PHP web-shell. An attacker may navigate to it directly to achieve RCE on the underlying web server. Administrator credentials for the Pluck CMS web interface are required to access the albums module feature, and are thus required to exploit this vulnerability. CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C (8.2 High)\n\n\n\n"
    }
  ],
  "id": "CVE-2023-25828",
  "lastModified": "2025-02-19T17:15:13.397",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-03-27T17:15:09.480",
  "references": [
    {
      "source": "disclosure@synopsys.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.synopsys.com/blogs/software-security/pluck-cms-vulnerability/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.synopsys.com/blogs/software-security/pluck-cms-vulnerability/"
    }
  ],
  "sourceIdentifier": "disclosure@synopsys.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "disclosure@synopsys.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.