Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Pligg before 1.0.3 allow remote attackers to hijack the authentication of administrators for requests that create user accounts or have unspecified other impact.
References (3)
Core 3
Core References
Various Sources x_refsource_misc
http://holisticinfosec.org/content/view/130/45/
Vendor Advisory x_refsource_confirm
http://www.pligg.com/blog/775/pligg-cms-1-0-3-release/
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37349
Scores
EPSS
0.0091
EPSS Percentile
55.6%
Details
CWE
CWE-352
Status
published
Products (3)
pligg/pligg_cms
1.0.0 (6 CPE variants)
pligg/pligg_cms
1.0.1
pligg/pligg_cms
< 1.0.2
Published
Apr 21, 2010
Tracked Since
Feb 18, 2026