CVE-2023-50564 PoC — Pluck 安全漏洞

Source

https://github.com/thefizzyfish/CVE-2023-50564-pluck

Associated Vulnerability

Title:Pluck 安全漏洞 (CVE-2023-50564)
Description:An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP file.

Description

CVE-2023-50564 -  An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP file.

Readme

# CVE-2023-50564-pluck
CVE-2023-50564 An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP file. This is an authenticated vulnerability.

Disclaimer: This code is meant for educational purposes only.

## Instructions:
```
usage: CVE-2023-50564.py [-h] -H TARGET_HOST -u USER -p PASSWORD -lhost LHOST -lport LPORT
```
1. Clone the repo to your working directory
![image](https://github.com/user-attachments/assets/3b68f1c5-1e30-43a5-9bac-bbc654e358ab)

2. Move to the new directory and run the script to get usage directions
![image](https://github.com/user-attachments/assets/f4aae827-7db0-4d73-b030-1b778489af0a)

3. Run the script against your target
![image](https://github.com/user-attachments/assets/1b5c27ec-1797-4651-9e82-ae7ac8f1ce6f)

File Snapshot


 [4.0K]  /data/pocs/cd344db32064e86595ba840136fbf8bac7a50a91
├── [5.5K]  CVE-2023-50564.py
├── [1.0K]  LICENSE
└── [ 869]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!