CVE-2024-42619

Name of the Vulnerable Software and Affected Versions Pligg CMS version 2.0.2

Description A Cross-Site Request Forgery (CSRF) issue was discovered in Pligg CMS. The vulnerability can be exploited via the /admin/domain management.php endpoint with specific parameters such as id, list, and remove. For example, the id parameter is set to 0, the list parameter to whitelist, and the remove parameter to a specific domain like pligg.com. This allows for unauthorized actions.

Recommendations For Pligg CMS version 2.0.2, as a temporary workaround, consider restricting access to the /admin/domain management.php endpoint until a patch is available. Avoid using the remove parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.