CVE-2022-26965

HIGH

Pluck 4.7.16 - Authenticated Remote Code Execution via Theme Upload

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2022-26965. PoCs published by Ashish Koli, SkDevilS.

AI-analyzed exploit summary This exploit targets CVE-2022-26965 in Pluck CMS 4.7.16, leveraging authenticated theme upload functionality to achieve remote code execution. It authenticates as an admin, uploads a malicious theme archive (shell.tar), and deploys a webshell.

Description

In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution.

Exploits (2)

exploitdb WORKING POC

by Ashish Koli · pythonwebappsphp

https://www.exploit-db.com/exploits/50826

View Code ZIP pw:eip

This exploit targets CVE-2022-26965 in Pluck CMS 4.7.16, leveraging authenticated theme upload functionality to achieve remote code execution. It authenticates as an admin, uploads a malicious theme archive (shell.tar), and deploys a webshell.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Pluck CMS 4.7.16

Auth required

Prerequisites: Admin credentials · Network access to target · Theme upload functionality enabled

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505.003 - Web Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by SkDevilS · poc

https://github.com/SkDevilS/Pluck-Exploitation-by-skdevils

View Code ZIP pw:eip

This repository contains a working privilege escalation exploit for CVE-2022-26965, leveraging the DirtyCow vulnerability to overwrite a SUID binary with a shellcode payload. The exploit is designed to gain root access on vulnerable Linux systems.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Racy

Target: Linux kernel (DirtyCow vulnerability)

No auth needed

Prerequisites: Vulnerable Linux kernel · Access to a SUID binary (e.g., /usr/bin/passwd)

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1211 - Exploitation for Defense Evasion

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory x_refsource_misc

https://youtu.be/sN6J_X4mEbY

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

https://packetstormsecurity.com/files/166336/Pluck-CMS-4.7.16-Shell-Upload.html

Scores

CVSS v3 7.2

EPSS 0.3772

EPSS Percentile 98.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (1)

pluck-cms/pluck 4.7.16

Published Mar 18, 2022

Tracked Since Feb 18, 2026