VYPR
Unrated severityNVD Advisory· Published Dec 10, 2021· Updated Aug 3, 2024

CVE-2021-31745

CVE-2021-31745

Description

Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 allows an attacker to sustain unauthorized access to the platform. Because Pluck does not invalidate prior sessions after a password change, access can be sustained even after an administrator performs regular remediation attempts such as resetting their password.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Pluck-CMS/Pluckdescription
  • Pluck/Pluckllm-fuzzy
    Range: = 4.7.15

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.