CVE-2024-42603

Name of the Vulnerable Software and Affected Versions Pligg CMS version 2.0.2

Description The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This vulnerability can be exploited via the "/admin/admin backup.php" endpoint, specifically when the dobackup parameter is set to clearall. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations For Pligg CMS version 2.0.2, as a temporary workaround, consider disabling access to the "/admin/admin backup.php" endpoint until a patch is available. Restricting the use of the dobackup parameter, especially when set to clearall, can also help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.