CVE-2008-6842

Pluck - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in data/modules/blog/module_pages_site.php in Pluck 4.6.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the post parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Alfons Luja · phpwebappsphp
https://www.exploit-db.com/exploits/8271

References (4)

Scores

EPSS 0.0271
EPSS Percentile 85.9%

Details

CWE
CWE-22
Status published
Products (1)
pluck-cms/pluck 4.6.1
Published Jul 02, 2009
Tracked Since Feb 18, 2026