An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.php allows remote attackers to upload and execute arbitrary PHP code by using the image/jpeg content type for a .htaccess file.
CPE | Name | Operator | Version |
---|---|---|---|
pluck | le | 4.7.7 | |
pluck | eq | 4.7.7 dev1 |