This exploit demonstrates a directory traversal vulnerability in Pluck CMS 4.7, allowing unauthorized access to sensitive files via a crafted path in the 'image' parameter. The PoC retrieves the Windows system.ini file, confirming the flaw.
Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:Pluck CMS 4.7
No auth needed
Prerequisites:Target running Pluck CMS 4.7 with the albums module enabled