CVE-2024-42607

Name of the Vulnerable Software and Affected Versions Pligg CMS version 2.0.2

Description A Cross-Site Request Forgery (CSRF) issue was found in Pligg CMS. The vulnerability can be exploited via the /admin/admin backup.php endpoint with the dobackup parameter set to database.

Recommendations For Pligg CMS version 2.0.2, as a temporary workaround, consider restricting access to the /admin/admin backup.php endpoint until a patch is available. Avoid using the dobackup parameter set to database in the affected endpoint until the issue is resolved.