CVE-2024-42611

Name of the Vulnerable Software and Affected Versions Pligg CMS version 2.0.2

Description The issue is related to a Cross-Site Request Forgery (CSRF) in Pligg CMS. This occurs via the admin/admin page.php endpoint with specific parameters: link id and mode. The link id is set to 1 and the mode is set to delete.

Recommendations For Pligg CMS version 2.0.2, consider disabling access to the admin/admin page.php endpoint with link id=1 and mode=delete parameters until a patch is available. Restricting the use of the link id and mode parameters in this endpoint can also help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.