← back
CVE-2020-29607

CVE-2020-29607

EPSS 33.4%
Vexday Risk Score
35Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Proof of concept
Popular PoC on GitHub (6 stars) — exploitation code widely available.
CVSS EPSS 33.4%KEV nãoPoC públicaNuclei Metasploit Patch
Lifecycle
16 Dec 2020Published on NVD
26 May 2021Public PoC
Weaponization speed
160 daysto first PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remote code execution.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.