{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T13:20:30.378","vulnerabilities":[{"cve":{"id":"CVE-2020-29607","sourceIdentifier":"cve@mitre.org","published":"2020-12-16T15:15:12.727","lastModified":"2025-04-16T15:15:46.083","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the \"manage files\" functionality, which may result in remote code execution."},{"lang":"es","value":"Una vulnerabilidad de omisión de restricción de carga de archivos en Pluck CMS versiones anteriores a 4.7.13, permite a un usuario con privilegios de administrador conseguir acceso en el host por medio de la funcionalidad \"manage files\", lo que puede resultar en una ejecución de código remota"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pluck-cms:pluck:*:*:*:*:*:*:*:*","versionEndExcluding":"4.7.13","matchCriteriaId":"18A2A003-1153-47A7-9F1E-67AF40FD9E06"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/162785/Pluck-CMS-4.7.13-Remote-Shell-Upload.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/Hacker5preme/Exploits/tree/main/CVE-2020-29607-Exploit","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2020-29607.md","source":"cve@mitre.org"},{"url":"https://github.com/pluck-cms/pluck/issues/96","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/162785/Pluck-CMS-4.7.13-Remote-Shell-Upload.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/Hacker5preme/Exploits/tree/main/CVE-2020-29607-Exploit","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/pluck-cms/pluck/issues/96","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}