CVE-2025-46099 Information
Jul 24, 2025
cve
Description
In Pluck CMS 4.7.20-dev an authenticated attacker can upload or create a crafted PHP file under the albums module directory and access it via the module routing logic in albums.site.php resulting in arbitrary command execution through a GET parameter.
Reference
http://pluck.com https://github.com/0xC4J/CVE-Lists/blob/main/CVE-2025-46099/CVE-2025-46099.md
Related CNNVD
CNNVD-202507-3022 (Published: 2025-07-23)
Share on: