CVE-2008-3574

Pluck 4.5.2 - Cross-Site Scripting via Multiple Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3574. PoCs published by Khashayar Fereidani.

AI-analyzed exploit summary: The provided text describes multiple XSS vulnerabilities in Pluck CMS due to insufficient sanitization of user-supplied data in various PHP files. It lists affected parameters and URLs but does not include executable exploit code.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Pluck 4.5.2, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) lang_footer parameter to (a) data/inc/footer.php; the (2) pluck_version, (3) lang_install22, (4) titelkop, (5) lang_kop1, (6) lang_kop2, (7) lang_modules, (8) lang_kop4, (9) lang_kop15, (10) lang_kop5, and (11) titelkop parameters to (b) data/inc/header.php; the pluck_version and titelkop parameters to (c) data/inc/header2.php; and the (14) lang_theme6 parameter to (d) data/inc/themeinstall.php.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Khashayar Fereidani · text · webapps · php
https://www.exploit-db.com/exploits/32168

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Theoretical
Target: Pluck CMS 4.5.2
No auth needed
Prerequisites: Access to vulnerable Pluck CMS instance
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44237
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/495110/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/30542
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4125

Scores

EPSS 0.0151
EPSS Percentile 71.2%

Details

CWE: CWE-79
Status: published
Products (1): pluck/pluck 4.5.2
Published: Aug 10, 2008
Tracked Since: Feb 18, 2026