VYPR
Medium severity5.3NVD Advisory· Published Oct 1, 2024· Updated Apr 15, 2026

CVE-2024-9405

CVE-2024-9405

Description

An incorrect limitation of a path to a restricted directory (path traversal) has been detected in Pluck CMS, affecting version 4.7.18. An unauthenticated attacker could extract sensitive information from the server via the absolute path of a file located in the same directory or subdirectory as the module, but not from recursive directories.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Pluck/Pluckinferred2 versions
    = 4.7.18+ 1 more
    • (no CPE)range: = 4.7.18
    • (no CPE)range: = 4.7.18

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.