CVE-2020-29607

This exploit demonstrates an authenticated file upload vulnerability in Pluck CMS 4.7.13, allowing an admin to bypass restrictions and upload a malicious PHAR file (webshell) for remote code execution. The PoC includes authentication, session handling, and a fully functional webshell payload.

This repository contains a functional exploit for CVE-2020-29607, which targets a file upload restriction bypass in Pluck CMS 4.7.13. The exploit authenticates as an admin, uploads a malicious .phar file (webshell), and achieves remote code execution.

This repository contains a functional exploit for CVE-2020-29607, which targets a file upload restriction bypass in Pluck CMS 4.7.13. The exploit authenticates as an admin, uploads a malicious .phar file, and achieves remote code execution.

This repository contains a functional exploit for CVE-2020-29607, targeting Pluck CMS. The exploit authenticates with provided credentials, uploads a malicious PHAR file via a multipart form-data request, and executes arbitrary commands through the uploaded shell.

This repository contains a functional Python exploit for CVE-2020-29607, which leverages an authenticated file upload vulnerability in Pluck CMS <= 4.7.13. The exploit uploads a .phar file (treated as PHP by Apache) via the admin file manager, resulting in remote code execution.

This repository contains a functional Python exploit for CVE-2020-29607, a file upload restriction bypass in Pluck CMS 4.7.13. The exploit authenticates as an admin, uploads a malicious .phar file, and achieves remote code execution via a minimal PHP webshell.

This exploit demonstrates an authenticated file upload vulnerability in Pluck CMS, allowing an attacker to upload a malicious PHP webshell. The script authenticates with the target, then uploads a shell disguised as a .phar file, bypassing restrictions to achieve remote code execution.

This repository contains a functional exploit for CVE-2020-29607, which leverages an authenticated file upload restriction bypass in Pluck CMS 4.7.13 to achieve remote code execution via a .phar file upload.

This repository contains a functional exploit for CVE-2020-29607, which targets a file upload restriction bypass in Pluck CMS 4.7.13. The exploit authenticates as an admin, uploads a malicious .phar file (webshell), and achieves remote code execution.