Pluck CMS 4.7.7-dev2 contained a critical Remote Code Execution (RCE) Pluck CMS 4.7.7-dev2 contained a critical Remote Code Execution (RCE) vulnerability.
This flaw primarily stemmed from insecure file upload and directory traversal mechanisms.
Attackers could exploit it by uploading malicious PHP files, often webshells, to the server.
By manipulating the upload path, these files could be placed in web-accessible directories.
Accessing the uploaded file via a browser would then execute arbitrary code on the server.
This granted attackers full control over the compromised web server.
Impact included data theft, website defacement, and further system compromise.
The vulnerability was addressed in subsequent versions of Pluck CMS.
Users were strongly advised to update their installations immediately.
This highlights the necessity of robust input validation and secure file handling in web applications.

# Exploit Title: Pluck 4.7.7-dev2 - PHP Code Execution
# Date: 2024-10-26
# Exploit Author: CodeSecLab
# Vendor Homepage: https://github.com/pluck-cms/pluck
# Software Link: https://github.com/pluck-cms/pluck
# Version: 4.74-dev5
# Tested on: Ubuntu Windows
# CVE : CVE-2018-11736

PoC:
1?
1. Log in to the Pluck admin panel.\n
2. Navigate to the 'Manage Images' section at http://pluck1/admin.php?action=images.\n
3. Upload a file named '.htaccess' with the content-type 'image/jpeg' containing 'AddType application/x-httpd-php .jpg'.\n
4. Access the target directory (e.g., http://pluck1/images/test.jpg) to execute PHP code with the .jpg extension.

2)
.htaccess content:
RewriteEngine On
RewriteRule .* http://www.baidu.com/ [R,L]