Published: 27/05/2012 Updated: 29/05/2012

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

VMScore: 578

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Directory traversal vulnerability in the captcha module in Pligg CMS prior to 1.2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the captcha parameter to module.php, as demonstrated by cross-site request forgery (CSRF) attacks.

Vulnerable Product	Search on Vulmon	Subscribe to Product
pligg pligg cms 9.9.5
pligg pligg cms 1.0.3
pligg pligg cms 1.0.4
pligg pligg cms 1.0.2
pligg pligg cms 1.0.0
pligg pligg cms 9.9.0
pligg pligg cms
pligg pligg cms 1.0.1
pligg pligg cms 9.5
pligg pligg cms 1.1.0
pligg pligg cms 1.2.0
pligg pligg cms 1.1.5
pligg pligg cms 1.1.4
pligg pligg cms 9.9
pligg pligg cms 1.1.3
pligg pligg cms 1.1.2

Pligg CMS version 121 suffers from cross site scripting and local file inclusion vulnerabilities ...

CWE-22 http://forums.pligg.com/downloads.php?do=file&id=15 https://www.htbridge.com/advisory/HTB23089 http://pligg.svn.sourceforge.net/viewvc/pligg?view=revision&revision=2440 https://nvd.nist.gov https://packetstormsecurity.com/files/113036/Pligg-CMS-1.2.1-Cross-Site-Scripting-Local-File-Inclusion.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2012-2435

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect