CVE-2021-31745

Name of the Vulnerable Software and Affected Versions Pluck-CMS Pluck version 4.7.15

Description The issue allows an attacker to sustain unauthorized access to the platform due to a session fixation vulnerability in the login.php file. This is because prior sessions are not invalidated after a password change, enabling access to be sustained even after an administrator resets their password.

Recommendations For Pluck-CMS Pluck version 4.7.15, consider disabling the login functionality in login.php until a patch is available to mitigate the risk of session fixation. Restrict access to the login.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.