Vulnerability Description
Directory traversal vulnerability in the captcha module in Pligg CMS before 1.2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the captcha parameter to module.php, as demonstrated by cross-site request forgery (CSRF) attacks.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pligg | Pligg Cms | All versions |
Related Weaknesses (CWE)
References
- http://forums.pligg.com/downloads.php?do=file&id=15
- http://pligg.svn.sourceforge.net/viewvc/pligg?view=revision&revision=2440
- https://www.htbridge.com/advisory/HTB23089Exploit
FAQ
What is CVE-2012-2435?
CVE-2012-2435 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Directory traversal vulnerability in the captcha module in Pligg CMS before 1.2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the captcha param...
How severe is CVE-2012-2435?
CVE-2012-2435 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-2435?
Check the references section above for vendor advisories and patch information. Affected products include: Pligg Pligg Cms.