An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.php allows remote attackers to upload and execute arbitrary PHP code by using the image/jpeg content type for a .htaccess file.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-06-05T06:00:00Z

Updated: 2024-09-16T20:16:49.129Z

Reserved: 2018-06-05T00:00:00Z

Link: CVE-2018-11736

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-06-05T06:29:00.343

Modified: 2024-11-21T03:43:55.887

Link: CVE-2018-11736

cve-icon Redhat

No data.