First published: Tue Oct 01 2024(Updated: )
An incorrect limitation of a path to a restricted directory (path traversal) has been detected in Pluck CMS, affecting version 4.7.18. An unauthenticated attacker could extract sensitive information from the server via the absolute path of a file located in the same directory or subdirectory as the module, but not from recursive directories.
Credit: cve-coordination@incibe.es
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.