PT-2024-39614 · Pluck Cms · Pluck Cms
David Utón Amaya · Published 2024-10-01 · Updated 2024-10-04 · CVE-2024-9405
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Pluck CMS version 4.7.18
Description
Pluck CMS incorrectly limits a pathname to a restricted directory, a weakness also known as path traversal. An unauthenticated attacker can extract sensitive information from the server by supplying the absolute path of a file located in the same directory as the module or in one of its subdirectories. Recursive directories are not affected. The impact is unauthorized access to sensitive files.
Recommendations
For Pluck CMS version 4.7.18, patch immediately and review file permissions to mitigate the risk of unauthorized access to sensitive files. As a temporary workaround, consider restricting access to sensitive files and directories until a patch is applied.
Fix
Relative Path Traversal
Affected Products
Pluck Cms