What is CVE-2020-29607?

CVE-2020-29607 is a vulnerability in N/a. Published 2020-12-16.

Is CVE-2020-29607 known to be exploited?

10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-29607

A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remote code execution.

EPSS: 0.836 (99.3th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

abbarhissarh/CVE-2020-29607
estebanzarate/CVE-2020-29607-Pluck-CMS-4.7.13-Authenticated-File-Upload-RCE-PoC
0xN7y/CVE-2020-29607
CaelumIsMe/CVE-2020-29607-POC
Alienfader/CVE-2020-29607
ar2o3/CVE-2020-29607
0xAbbarhSF/CVE-2020-29607
ARPSyndicate/cvemon
Hacker5preme/Exploits
QuanPham247/THM-Dreaming

References

github.com/pluck-cms/pluck/issues/96
packetstormsecurity.com/files/162785/Pluck-CMS-4.7.13-Remote-Shell-Upload.html
github.com/Hacker5preme/Exploits/tree/main/CVE-2020-29607-Exploit
github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2020-29607.md

Frequently asked questions

What is CVE-2020-29607?: CVE-2020-29607 is a vulnerability in N/a. Published 2020-12-16.
Is CVE-2020-29607 known to be exploited?: 10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.