CVE-2020-18195

8.8 HIGH

📋 TL;DR

This CSRF vulnerability in Pluck CMS v4.7.9 allows attackers to trick authenticated administrators into performing unauthorized actions, specifically deleting articles via the admin interface. Any Pluck CMS installation running the vulnerable version with admin access is affected.

💻 Affected Systems

Products:
  • Pluck CMS
Versions: v4.7.9
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires an authenticated administrator session, but the attacker needs no credentials of their own: the forged request rides on a logged-in admin's browser session.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attackers could delete all website content, deface the site, or chain with other vulnerabilities to achieve remote code execution.

🟠 Likely Case: Targeted deletion of specific articles or pages, potentially causing content loss and website disruption.

🟢 If Mitigated: With proper CSRF protections, the attack would fail because the forged requests would be rejected.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires social engineering to trick an admin into clicking a malicious link while authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v4.7.10 or later

Vendor Advisory: https://github.com/pluck-cms/pluck/issues/69

Restart Required: No

Instructions:

1. Back up your Pluck CMS installation.
2. Download the latest version from the official repository.
3. Replace the vulnerable files with the patched version.
4. Verify the admin interface includes CSRF tokens.

🔧 Temporary Workarounds

Implement CSRF Protection Manually (platform: all)

Add a per-session anti-CSRF token as a hidden field in every admin form that changes state, and reject any submission whose token is missing or does not match the value stored in the session.

Restrict Admin Access (platform: linux)

Limit admin panel access to specific IP addresses using .htaccess or web server configuration, for example:

  Order deny,allow
  Deny from all
  Allow from 192.168.1.0/24

Note: the Order/Deny/Allow directives are Apache 2.2 syntax; Apache 2.4 only honours them when mod_access_compat is loaded, otherwise use the equivalent Require ip directive. IP restriction does not stop a forged request issued from an admin's browser that is already inside the allowed range, so treat it as defence in depth rather than a fix.

🧯 If You Can't Patch

  • Implement strict SameSite cookie policies and use anti-CSRF middleware.
  • Educate administrators to log out of the admin panel when not in use and avoid clicking suspicious links.
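As an added example (not Pluck's own code and not taken from the vendor advisory), the following hypothetical PHP snippet shows the synchronizer-token pattern from the "Implement CSRF Protection Manually" workaround, and also sets the SameSite cookie attribute mentioned above. The admin.php action name and delete_article() are assumed placeholders.

```php
<?php
// Hypothetical synchronizer-token helpers for a PHP admin form (added
// example; not Pluck's own code). One token per session, compared in
// constant time before any state-changing action runs.
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']); // PHP 7.3+
session_start();

// Issue (or reuse) the per-session token. Rotating it on every request
// would break multi-tab admin use; per-session is the common pattern.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden field to embed in every admin form that changes state.
function csrf_field(): string {
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// Validate the submitted token. False on any missing or mismatched
// value; hash_equals keeps the comparison constant-time.
function csrf_check(array $post): bool {
    $expected = $_SESSION['csrf_token'] ?? '';
    $given = $post['csrf_token'] ?? '';
    return $expected !== '' && is_string($given) && hash_equals($expected, $given);
}

// Guard for destructive actions: state changes only over POST and only
// with a valid token; anything else is refused before the handler runs.
function require_csrf(): void {
    if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !csrf_check($_POST)) {
        http_response_code(403);
        exit('Request rejected: missing or invalid CSRF token.');
    }
}

// Example wiring for a hypothetical article-delete handler.
if (($_GET['action'] ?? '') === 'deletepage') {
    require_csrf();                  // forged cross-site requests stop here
    // delete_article($_POST['page']); // placeholder for the real deletion
}
?>
<form method="post" action="admin.php?action=deletepage">
  <?= csrf_field() ?>
  <input type="hidden" name="page" value="example-article">
  <button type="submit">Delete article</button>
</form>
```

A cross-site page cannot read the victim's session token, so its forged POST fails the check, and with SameSite=Lax the session cookie is not even sent on the cross-site POST.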

🔍 How to Verify

Check if Vulnerable:

Check if your Pluck CMS version is 4.7.9 by viewing the version file or admin panel.

Check Version:

cat /path/to/pluck/data/settings/version.dat

Verify Fix Applied:

After updating, confirm the version is 4.7.10+ and test that admin forms include CSRF tokens.

📡 Detection & Monitoring

Log Indicators:

  • Multiple DELETE requests to /admin.php?action=page from unusual IPs or user agents
  • Admin actions without corresponding login events

Network Indicators:

  • Unexpected POST/DELETE requests to admin endpoints with referer headers pointing to external domains

SIEM Query:

source="web_logs" AND uri="/admin.php" AND action="page" AND method="DELETE"
