Summary
Pligg CMS is prone to multiple security vulnerabilities because it fails to properly sanitize user-supplied input. These vulnerabilities include a local file-include vulnerability, a security-bypass vulnerability, and an authentication-bypass vulnerability.
Attackers can exploit these issues to view and execute arbitrary local files in the context of the webserver process, bypass security restrictions, and perform unauthorized actions.
Versions prior to Pligg CMS 1.1.4 are vulnerable.
Solution
The vendor has released a fix. Please see the references for more information.
References
Severity
Classification
-
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N