CVE-2020-20969 in PluckCMSinfo

Summary

by MITRE • 06/20/2023

File Upload vulnerability in PluckCMS v.4.7.10 allows a remote attacker to execute arbitrary code via the trashcan_restoreitem.php file.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 12/07/2025

The vulnerability identified as CVE-2020-20969 represents a critical file upload flaw within PluckCMS version 4.7.10 that exposes the application to remote code execution attacks. This vulnerability specifically targets the trashcan_restoreitem.php component, which serves as a recovery mechanism for deleted content within the CMS platform. The flaw stems from inadequate input validation and sanitization processes that fail to properly verify file types and content before processing uploads, creating an exploitable entry point for malicious actors.

Technical exploitation of this vulnerability occurs when an attacker uploads a malicious file through the trashcan_restoreitem.php endpoint without proper authorization. The vulnerability falls under CWE-434 which categorizes insecure file upload handling, where applications fail to validate file types, content, or enforce proper access controls during file processing. The flaw allows attackers to bypass normal file validation mechanisms and execute arbitrary code on the target system with the privileges of the web application. This represents a severe privilege escalation vector that can lead to complete system compromise when combined with other attack techniques.

The operational impact of CVE-2020-20969 extends beyond simple code execution to encompass full system compromise and data breach potential. Attackers can leverage this vulnerability to establish persistent backdoors, exfiltrate sensitive data, modify website content, or use the compromised system as a launchpad for further attacks within the network infrastructure. The vulnerability affects organizations using PluckCMS 4.7.10 and earlier versions, making it particularly dangerous as it targets a widely deployed content management solution. The remote nature of the attack means that exploitation can occur from anywhere on the internet without requiring physical access to the target network.

Security mitigations for this vulnerability should prioritize immediate patching of affected PluckCMS installations to version 4.7.11 or later, which contains the necessary fixes for the file upload validation mechanisms. Organizations should implement network-level restrictions to limit access to the trashcan_restoreitem.php endpoint and enforce strict file type validation at multiple layers of the application architecture. Additionally, implementing web application firewalls with rules specifically targeting file upload patterns and conducting regular security assessments of CMS installations can help prevent exploitation. The vulnerability aligns with ATT&CK technique T1190 for exploitation of remote services and T1059 for command and scripting interpreter, making it a critical target for both defensive and offensive security operations.

Reservation

08/13/2020

Disclosure

06/20/2023

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.06258

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!