PT-2024-30268 · Pluck Cms · Pluck Cms
Published: 2024-08-16 · Updated: 2024-09-19
CVE-2024-43042
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Pluck CMS version 4.7.18
Description
The issue allows attackers to carry out a brute-force attack because failed login attempts are not restricted.
Recommendations
For Pluck CMS version 4.7.18, consider implementing a custom restriction on failed login attempts as a temporary workaround until a patch is available. Restrict access to the login functionality to minimize the risk of exploitation.
Weakness Enumeration
Improper Restriction of Excessive Authentication Attempts
Affected Products
Pluck Cms