Vulnerabilities > Pluck CMS > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-03-17 | CVE-2014-8706 | Information Exposure vulnerability in Pluck-Cms Pluck 4.7.2: Pluck CMS 4.7.2 allows remote attackers to obtain sensitive information by (1) changing "PHPSESSID" to an array; (2) adding non-alphanumeric chars to "PHPSESSID"; (3) changing the image parameter to an array; or (4) changing the image parameter to a string, which reveals the installation path in an error message. | 5.0 |
2012-02-21 | CVE-2012-1227 | Cross-Site Request Forgery (CSRF) vulnerability in Pluck-Cms Pluck 4.7: Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in pluck 4.7 allow remote attackers to hijack the authentication of admins for requests that (1) modify the admin email address or (2) modify the blog title via a settings action, (3) add a page via an editpage action, or (4) add a category via the blog module. | 6.8 |
2009-07-02 | CVE-2008-6842 | Path Traversal vulnerability in Pluck-Cms Pluck 4.6.1: Directory traversal vulnerability in data/modules/blog/module_pages_site.php in Pluck 4.6.1 allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2009-05-22 | CVE-2009-1765 | Path Traversal vulnerability in Pluck-Cms Pluck 4.6.2: Multiple directory traversal vulnerabilities in pluck 4.6.2, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2009-02-24 | CVE-2008-6253 | Path Traversal vulnerability in Pluck-Cms Pluck 4.5.3: Directory traversal vulnerability in data/inc/lib/pcltar.lib.php in Pluck 4.5.3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the g_pcltar_lib_dir parameter. | 6.8 |