CVE-2012-2435
Pligg CMS - Authenticated Path Traversal and Arbitrary File Execution via Captcha Parameter
Directory traversal vulnerability in the captcha module in Pligg CMS before 1.2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the captcha parameter to module.php, as demonstrated by cross-site request forgery (CSRF) attacks.
References (3)
Exploit (x_refsource_misc): https://www.htbridge.com/advisory/HTB23089
Product (x_refsource_confirm): http://pligg.svn.sourceforge.net/viewvc/pligg?view=revision&revision=2440
Various Sources (x_refsource_confirm): http://forums.pligg.com/downloads.php?do=file&id=15
Scores
EPSS: 0.0159
EPSS Percentile: 72.8%
Details
CWE: CWE-22
Status: published
Products (16)
pligg/pligg_cms
pligg/pligg_cms 1.0.0 (6 CPE variants)
pligg/pligg_cms 1.0.1
pligg/pligg_cms 1.0.2
pligg/pligg_cms 1.0.3
pligg/pligg_cms 1.0.4
pligg/pligg_cms 1.1.0
pligg/pligg_cms 1.1.2
pligg/pligg_cms 1.1.3
pligg/pligg_cms 1.1.4
... and 6 more
Published: May 27, 2012
Tracked Since: Feb 18, 2026