CVE-2024-42610

Name of the Vulnerable Software and Affected Versions Pligg CMS version 2.0.2

Description A Cross-Site Request Forgery (CSRF) issue was found in Pligg CMS. The vulnerability can be exploited via the /admin/admin backup.php endpoint with the dobackup parameter set to files. This allows an attacker to perform unauthorized actions on the system.

Recommendations For Pligg CMS version 2.0.2, as a temporary workaround, consider restricting access to the /admin/admin backup.php endpoint to minimize the risk of exploitation. Avoid using the dobackup parameter with the value files in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.