This exploit demonstrates multiple vulnerabilities in Pluck CMS 4.7.3, including local file inclusion (LFI), arbitrary code execution via file upload, and stored XSS. The PoC includes detailed HTTP requests and responses showing successful exploitation.
Classification
Working Poc 95%
Attack Type
Rce | Lpe | Xss | Info Leak
Complexity
Trivial
Reliability
Reliable
Target:Pluck CMS 4.7.3
Auth required
Prerequisites:Access to admin panel · Valid session cookie