CVE-2024-43042

Pluck CMS 4.7.18 does not restrict failed login attempts, allowing attackers to execute a brute force attack.

Configurations

Configuration 1

cpe:2.3:a:pluck-cms:pluck:4.7.18:-:*:*:*:*:*:*

History

19 Sep 2024, 21:01

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time | | Pluck-cms; Pluck-cms pluck |
| CWE | | CWE-307 |
| CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 9.8 |
| References | https://drive.google.com/file/d/1FnLCFP8xDrE1e_4Ft_TZ7VhC-JBkpsL0/view?usp=sharing | https://drive.google.com/file/d/1FnLCFP8xDrE1e_4Ft_TZ7VhC-JBkpsL0/view?usp=sharing - Exploit, Third Party Advisory |
| References | https://github.com/pluck-cms/pluck | https://github.com/pluck-cms/pluck - Product |
| CPE | | cpe:2.3:a:pluck-cms:pluck:4.7.18:-:*:*:*:*:*:* |

19 Aug 2024, 13:00

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Summary | | (es) Pluck CMS 4.7.18 does not restrict failed login attempts, which allows attackers to carry out a brute-force attack. |

16 Aug 2024, 20:15

| Type | Values Removed | Values Added |
| --- | --- | --- |
| New CVE | | |

Information

Published : 2024-08-16 20:15

Updated : 2024-09-19 21:01


NVD link : CVE-2024-43042

Mitre link : CVE-2024-43042

CVE.ORG link : CVE-2024-43042



Products Affected

pluck-cms

  • pluck

CWE

CWE-307

Improper Restriction of Excessive Authentication Attempts