Lucene search
GoogleOSV:CVE-2021-31745HistoryDec 10, 2021 - 6:15 p.m.
CVE-2021-31745
2021-12-1018:15:07
Google
osv.dev
4
Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 allows an attacker to sustain unauthorized access to the platform. Because Pluck does not invalidate prior sessions after a password change, access can be sustained even after an administrator performs regular remediation attempts such as resetting their password.
| CPE | Name | Operator | Version |
|---|---|---|---|
| pluck | eq | 4.7.13 | |
| pluck | eq | 4.7.11 | |
| pluck | eq | 4.7.15 | |
| pluck | eq | 4.7.9-dev3 | |
| pluck | eq | 4.7.11-dev2 | |
| pluck | eq | 4.7 | |
| pluck | eq | 4.7.9-dev1 | |
| pluck | eq | 4.7.10-dev2 | |
| pluck | eq | 4.7.8 | |
| pluck | eq | 4.7.4 |
References
Related
cve
cve
CVE-2021-31745
2021-12-10 18:15:07
prion
prion
Session fixation
2021-12-10 18:15:00
cvelist
cvelist
CVE-2021-31745
2021-12-10 17:40:21
nvd
nvd
CVE-2021-31745
2021-12-10 18:15:07