CVE-2012-2435

Pligg CMS - Authenticated Path Traversal and Arbitrary File Execution via Captcha Parameter

Title source: llm

Description

Directory traversal vulnerability in the captcha module in Pligg CMS before 1.2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the captcha parameter to module.php, as demonstrated by cross-site request forgery (CSRF) attacks.

References (3)

Scores

EPSS 0.0159
EPSS Percentile 72.8%

Details

CWE CWE-22
Status published
Products (16)
pligg/pligg_cms
pligg/pligg_cms 1.0.0 (6 CPE variants)
pligg/pligg_cms 1.0.1
pligg/pligg_cms 1.0.2
pligg/pligg_cms 1.0.3
pligg/pligg_cms 1.0.4
pligg/pligg_cms 1.1.0
pligg/pligg_cms 1.1.2
pligg/pligg_cms 1.1.3
pligg/pligg_cms 1.1.4
... and 6 more
Published May 27, 2012
Tracked Since Feb 18, 2026