CVE-2012-2435
Last modified
CVE-2012-2435 is a vulnerability of currently unknown severity. Directory traversal vulnerability in the captcha module in Pligg CMS before 1.2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the captcha parameter to module.php, as demonstrated by cross-site request forgery (CSRF) attacks.. EPSS estimates a 1.59% chance of exploitation in the next 30 days.
Description
Directory traversal vulnerability in the captcha module in Pligg CMS before 1.2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the captcha parameter to module.php, as demonstrated by cross-site request forgery (CSRF) attacks.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Pligg | Pligg Cms | All versions |
| Pligg | Pligg Cms | <= 1.2.1 |
| Pligg | Pligg Cms | 1.0.0 |
| Pligg | Pligg Cms | 1.0.1 |
| Pligg | Pligg Cms | 1.0.2 |
| Pligg | Pligg Cms | 1.0.3 |
| Pligg | Pligg Cms | 1.0.4 |
| Pligg | Pligg Cms | 1.1.0 |
| Pligg | Pligg Cms | 1.1.2 |
| Pligg | Pligg Cms | 1.1.3 |
| Pligg | Pligg Cms | 1.1.4 |
| Pligg | Pligg Cms | 1.1.5 |
| Pligg | Pligg Cms | 1.2.0 |
| Pligg | Pligg Cms | 9.5 |
| Pligg | Pligg Cms | 9.9 |
| Pligg | Pligg Cms | 9.9.0 |
| Pligg | Pligg Cms | 9.9.5 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2012-2435?
How severe is CVE-2012-2435?
How do I fix CVE-2012-2435?
Are you affected by CVE-2012-2435?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST