Description
Pluck CMS 4.7.2 allows remote attackers to obtain sensitive information by (1) changing "PHPSESSID" to an array; (2) adding non-alphanumeric chars to "PHPSESSID"; (3) changing the image parameter to an array; or (4) changing the image parameter to a string, which reveals the installation path in an error message.
References
- Third Party Advisory
- Exploit
- Third Party Advisory
- Exploit
Vulnerable configurations
Configuration 1
cpe:2.3:a:pluck-cms:pluck:4.7.2:*:*:*:*:*:*:*
EPSS
Percentile: 47%
0.00244
Low
CVSS3: 5.3 Medium
CVSS2: 5 Medium
Weaknesses
CWE-200
Related vulnerabilities
CVSS3: 5.3
github
more than 3 years ago
Pluck CMS 4.7.2 allows remote attackers to obtain sensitive information by (1) changing "PHPSESSID" to an array; (2) adding non-alphanumeric chars to "PHPSESSID"; (3) changing the image parameter to an array; or (4) changing the image parameter to a string, which reveals the installation path in an error message.