Описание
Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 allows an attacker to sustain unauthorized access to the platform. Because Pluck does not invalidate prior sessions after a password change, access can be sustained even after an administrator performs regular remediation attempts such as resetting their password.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:pluck-cms:pluck:4.7.15:-:*:*:*:*:*:*
EPSS
Процентиль: 57%
0.00346
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-384
Связанные уязвимости
github
около 4 лет назад
Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 allows an attacker to sustain unauthorized access to the platform. Because Pluck does not invalidate prior sessions after a password change, access can be sustained even after an administrator performs regular remediation attempts such as resetting their password.
EPSS
Процентиль: 57%
0.00346
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-384