Arbitrary Code Execution via ZIP Archive Upload in Pluck 4.7.9-dev1

Arbitrary Code Execution via ZIP Archive Upload in Pluck 4.7.9-dev1

CVE-2019-9050 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

An issue was discovered in Pluck 4.7.9-dev1. It allows administrators to execute arbitrary code by using action=installmodule to upload a ZIP archive, which is then extracted and executed.

Learn more about our Web Application Penetration Testing UK.