Exploit for Unrestricted Upload of File with Dangerous Type in Pluck-Cms Pluck CVE-2023-50564

Name: Exploit for Unrestricted Upload of File with Dangerous Type in Pluck-Cms Pluck CVE-2023-50564
Rating: 5 (193 reviews)

2024-08-24 | CVSS 8.8

## https://sploitus.com/exploit?id=DFCCD8C5-51B7-5D80-97B6-FA6CA5E90AEA
# CVE-2023-50564-pluck
CVE-2023-50564 An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP file. This is an authenticated vulnerability.

Disclaimer: This code is meant for educational purposes only.

## Instructions:
```
usage: CVE-2023-50564.py [-h] -H TARGET_HOST -u USER -p PASSWORD -lhost LHOST -lport LPORT
```
1. Clone the repo to your working directory
![image](https://github.com/user-attachments/assets/3b68f1c5-1e30-43a5-9bac-bbc654e358ab)

2. Move to the new directory and run the script to get usage directions
![image](https://github.com/user-attachments/assets/f4aae827-7db0-4d73-b030-1b778489af0a)

3. Run the script against your target
![image](https://github.com/user-attachments/assets/1b5c27ec-1797-4651-9e82-ae7ac8f1ce6f)



# Credit
Mirabbas Ağalarov for discovering and reporthing the vulnerability