CVE-2023-50564 PoC — Pluck 安全漏洞

Source

https://github.com/thefizzyfish/CVE-2023-50564-pluck

Associated Vulnerability

Title:Pluck 安全漏洞 (CVE-2023-50564)
Description:Pluck是一套使用PHP语言开发的内容管理系统（CMS）。 Pluck v4.7.18版本存在安全漏洞，该漏洞源于组件 /inc/modules_install.php 中存在任意文件上传漏洞，允许攻击者通过上传精心设计的 ZIP 文件来执行任意代码。

Description

CVE-2023-50564 -  An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP file.

Readme

# CVE-2023-50564-pluck
CVE-2023-50564 An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP file. This is an authenticated vulnerability.

Disclaimer: This code is meant for educational purposes only.

## Instructions:
```
usage: CVE-2023-50564.py [-h] -H TARGET_HOST -u USER -p PASSWORD -lhost LHOST -lport LPORT
```
1. Clone the repo to your working directory
![image](https://github.com/user-attachments/assets/3b68f1c5-1e30-43a5-9bac-bbc654e358ab)

2. Move to the new directory and run the script to get usage directions
![image](https://github.com/user-attachments/assets/f4aae827-7db0-4d73-b030-1b778489af0a)

3. Run the script against your target
![image](https://github.com/user-attachments/assets/1b5c27ec-1797-4651-9e82-ae7ac8f1ce6f)

File Snapshot


 [4.0K]  /data/pocs/cd344db32064e86595ba840136fbf8bac7a50a91
├── [5.5K]  CVE-2023-50564.py
├── [1.0K]  LICENSE
└── [ 869]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!