PT-2017-6263 · Pluck · Pluck Cms

Published: 2017-03-17 · Updated: 2017-03-28 · CVE-2014-8706

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Pluck CMS version 4.7.2

Description

The issue allows remote attackers to obtain sensitive information. This can be achieved by modifying the PHPSESSID or the image parameter in specific ways, such as changing PHPSESSID to an array, adding non-alphanumeric characters to PHPSESSID, changing the image parameter to an array, or changing the image parameter to a string. These actions can reveal the installation path in an error message.

Recommendations

For Pluck CMS version 4.7.2, consider restricting access to sensitive information and error messages to minimize the risk of exploitation. As a temporary workaround, avoid using array or string values for the image parameter and ensure PHPSESSID is properly validated to prevent manipulation.
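
The recommendation above, as an added PHP example that is not Pluck's own code: error display is turned off and both inputs are checked for type and character set before the session or image code sees them. The function names and the treatment of `image` as a numeric identifier are assumptions; only `PHPSESSID` and `image` come from the advisory.

```php
<?php
// Added example; not Pluck's code. Parameter names come from the advisory,
// function names and the numeric-id assumption for "image" are hypothetical.

// Keep PHP warnings (which embed absolute file paths) out of HTTP responses.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

/** Session id is acceptable only as a string of characters PHP itself issues. */
function clean_session_id(array $cookies, string $name = 'PHPSESSID'): ?string
{
    $value = $cookies[$name] ?? null;
    // Rejects PHPSESSID[]=x (array) and ids with characters outside [A-Za-z0-9,-].
    if (!is_string($value) || preg_match('/\A[A-Za-z0-9,-]{1,128}\z/', $value) !== 1) {
        return null;
    }
    return $value;
}

/** Assumption: "image" is a numeric identifier. */
function clean_image_id(array $query): ?int
{
    $value = $query['image'] ?? null;
    // Rejects image[]=1 (array) and non-numeric strings.
    if (!is_string($value) || preg_match('/\A[0-9]{1,9}\z/', $value) !== 1) {
        return null;
    }
    return (int) $value;
}

function reject(): void
{
    http_response_code(400);
    exit('Bad request');
}

// Validate before session_start() or any image handling sees the raw values.
if (isset($_COOKIE['PHPSESSID']) && clean_session_id($_COOKIE) === null) {
    reject();
}
if (isset($_GET['image']) && clean_image_id($_GET) === null) {
    reject();
}
session_start();
```

Setting `display_errors = Off` in `php.ini` has the same effect server-wide and also covers errors raised before this code runs.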

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2014-8706

Affected Products

Pluck Cms