CVE-2025-46099

Published: Jul 23, 2025

Modified: Jul 23, 2025

PUBLISHED

Description

In Pluck CMS 4.7.20-dev, an authenticated attacker can upload or create a crafted PHP file under the albums module directory and access it via the module routing logic in albums.site.php, resulting in arbitrary command execution through a GET parameter.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://pluck.com

https://github.com/0xC4J/CVE-Lists/blob/main/CVE-2025-46099/CVE-2025-46099.md

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-46099

Description

Affected Products

References