Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-26965
CVE-2022-26965:
Pluck CMS vulnerability analysis and mitigation
Overview
In Pluck CMS version 4.7.16, a vulnerability was discovered where an authenticated admin user could exploit the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution (NVD).
Technical details
The vulnerability exists in the theme upload functionality of Pluck CMS 4.7.16, specifically accessible through the path /admin.php?action=themeinstall. The issue allows authenticated administrators to upload malicious files through the theme installation feature (NVD).
Impact
The vulnerability allows authenticated administrators to perform remote code execution on the affected system through the theme upload functionality (NVD).
Mitigation and workarounds
Users should upgrade to a version of Pluck CMS newer than 4.7.16 that addresses this vulnerability. If immediate upgrade is not possible, administrators should restrict access to the theme installation functionality and carefully monitor any theme uploads (NVD).
Additional resources
Source: This report was generated using AI
Related Pluck CMS vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management