Unrated severityNVD Advisory· Published Dec 10, 2021· Updated Aug 3, 2024
CVE-2021-31745
CVE-2021-31745
Description
Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 allows an attacker to sustain unauthorized access to the platform. Because Pluck does not invalidate prior sessions after a password change, access can be sustained even after an administrator performs regular remediation attempts such as resetting their password.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Pluck-CMS/Pluckdescription
Patches
Vulnerability mechanics
References
1- github.com/pluck-cms/pluck/issues/99mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.