Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-26965 PoC — Pluck 代码问题漏洞

Source
https://github.com/SkDevilS/Pluck-Exploitation-by-skdevils
Associated Vulnerability
Title:Pluck 代码问题漏洞 (CVE-2022-26965)
Description:In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution.
Description
# Exploit Title: Pluck CMS 4.7.16 - Remote Code Execution (RCE) (Authenticated) # Date: 13.03.2022 # Exploit Author: Ashish Koli (Shikari) # Vendor Homepage: https://github.com/pluck-cms/pluck # Version: 4.7.16 # Tested on Ubuntu 20.04.3 LTS # CVE: CVE-2022-26965
Readme
# Pluck-Exploitation-by-skdevils
# Exploit Title: Pluck CMS 4.7.16 - Remote Code Execution (RCE) (Authenticated) # Date: 13.03.2022 # Exploit Author: Ashish Koli (Shikari) # Vendor Homepage: https://github.com/pluck-cms/pluck # Version: 4.7.16 # Tested on Ubuntu 20.04.3 LTS # CVE: CVE-2022-26965
File Snapshot

 [4.0K]  /data/pocs/c7010b9b699285291543573ec0ebb3ef0c418d29
├── [4.8K]  40616.c
├── [  71]  MACHINE DOWNLOAD LINK.txt
├── [1.2M]  PLUCK EXPLOITATION   CYBER SECURITY AND ETHICAL HACKING.pdf
├── [ 298]  README.md
└── [ 232]  Readme.txt

0 directories, 5 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →