A session fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 allows a malicious user to sustain unauthorized access to the platform. Because Pluck does not invalidate prior sessions after a password change, access can be sustained even after an administrator performs regular remediation attempts such as resetting their password.
Vulnerable Product |
---|
pluck-cms pluck 4.7.15 |
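
One way to make a password reset end older sessions, shown as an added example rather than Pluck's own code: each session is bound to a marker derived from the stored password hash and rechecked on every request, and the session id is reissued at login. The function names, session keys and server secret are assumptions for illustration, and the demo values are constructed.

```php
<?php
// Added example, not Pluck's code. All names here are hypothetical.

// Marker that changes whenever the stored password hash changes, without
// placing the hash itself in the session data.
function credential_marker(string $storedHash, string $serverSecret): string
{
    return hash_hmac('sha256', $storedHash, $serverSecret);
}

// Call after a successful password check at login.
function bind_session(array &$session, string $storedHash, string $serverSecret): void
{
    // Reissue the session id so an id set before login is not carried over.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $session['authenticated'] = true;
    $session['cred_marker'] = credential_marker($storedHash, $serverSecret);
}

// Call on every admin request, passing the hash as it is stored right now.
function session_is_valid(array &$session, string $storedHash, string $serverSecret): bool
{
    $ok = !empty($session['authenticated'])
        && isset($session['cred_marker'])
        && is_string($session['cred_marker'])
        && hash_equals(credential_marker($storedHash, $serverSecret), $session['cred_marker']);
    if (!$ok) {
        $session = []; // drop stale state so the request falls back to the login form
    }
    return $ok;
}

// Constructed demo: plain arrays stand in for $_SESSION of two browsers.
$secret  = 'constructed-demo-secret';
$oldHash = password_hash('old-password', PASSWORD_DEFAULT);
$before  = [];                       // session opened before the reset
bind_session($before, $oldHash, $secret);
var_dump(session_is_valid($before, $oldHash, $secret));

$newHash = password_hash('new-password', PASSWORD_DEFAULT); // administrator resets
$after   = [];                       // fresh login with the new password
bind_session($after, $newHash, $secret);
var_dump(session_is_valid($before, $newHash, $secret));
var_dump(session_is_valid($after, $newHash, $secret));
```

In a web request the arrays would be `$_SESSION`, and `session_is_valid()` would run before any admin page is rendered.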