CVE-2024-42604

Name of the Vulnerable Software and Affected Versions Pligg CMS version 2.0.2

Description A Cross-Site Request Forgery (CSRF) issue was discovered in Pligg CMS. The vulnerability can be exploited via the "/admin/admin group.php?mode=delete&group id=3" endpoint. This allows for unauthorized actions to be performed on the system.

Recommendations For Pligg CMS version 2.0.2, as a temporary workaround, consider disabling access to the "/admin/admin group.php" endpoint until a patch is available. Restrict access to the group id parameter in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.