Pluck CMS 4.7.18 does not restrict failed login attempts, allowing attackers to execute a brute force attack.
References
Link | Resource |
---|---|
https://drive.google.com/file/d/1FnLCFP8xDrE1e_4Ft_TZ7VhC-JBkpsL0/view?usp=sharing | Exploit Third Party Advisory |
https://github.com/pluck-cms/pluck | Product |
Configurations
History
19 Sep 2024, 21:01
Type | Values Removed | Values Added |
---|---|---|
First Time |
Pluck-cms
Pluck-cms pluck |
|
CWE | CWE-307 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
References | () https://drive.google.com/file/d/1FnLCFP8xDrE1e_4Ft_TZ7VhC-JBkpsL0/view?usp=sharing - Exploit, Third Party Advisory | |
References | () https://github.com/pluck-cms/pluck - Product | |
CPE | cpe:2.3:a:pluck-cms:pluck:4.7.18:-:*:*:*:*:*:* |
19 Aug 2024, 13:00
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
16 Aug 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-16 20:15
Updated : 2024-09-19 21:01
NVD link : CVE-2024-43042
Mitre link : CVE-2024-43042
CVE.ORG link : CVE-2024-43042
JSON object : View
Products Affected
pluck-cms
- pluck
CWE
CWE-307
Improper Restriction of Excessive Authentication Attempts