EIP-2026-111358

PRE-CVE

Pluck CMS 4.7.3 - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111358. PoCs published by smash.

AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in Pluck CMS 4.7.3, including local file inclusion (LFI), arbitrary code execution via file upload, and stored XSS. The PoC includes detailed HTTP requests and responses showing successful exploitation.

Description

Pluck CMS 4.7.3 - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC

by smash · textwebappsphp

https://www.exploit-db.com/exploits/38002

View Code ZIP pw:eip

This exploit demonstrates multiple vulnerabilities in Pluck CMS 4.7.3, including local file inclusion (LFI), arbitrary code execution via file upload, and stored XSS. The PoC includes detailed HTTP requests and responses showing successful exploitation.

Classification

Working Poc 95%

Attack Type

Rce | Lpe | Xss | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Pluck CMS 4.7.3

Auth required

Prerequisites: Access to admin panel · Valid session cookie

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026