Summary
Pligg CMS is prone to multiple security vulnerabilities because it fails to properly sanitize user-supplied input. These vulnerabilities include a local file-include vulnerability, a security-bypass vulnerability, and an authentication-bypass vulnerability.
Attackers can exploit these issues to view and execute arbitrary local files in the context of the webserver process, bypass security restrictions, and perform unauthorized actions.
Versions prior to Pligg CMS 1.1.4 are vulnerable.
Solution
The vendor has released a fix. Please see the references for more information.
References
Severity
Classification
-
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N