Session Fixation vulnerability in login.php in Pluck-CMS...
High severity
Unreviewed
Published
Dec 11, 2021
to the GitHub Advisory Database
•
Updated Feb 1, 2023
Description
Published by the National Vulnerability Database
Dec 10, 2021
Published to the GitHub Advisory Database
Dec 11, 2021
Last updated
Feb 1, 2023
Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 allows an attacker to sustain unauthorized access to the platform. Because Pluck does not invalidate prior sessions after a password change, access can be sustained even after an administrator performs regular remediation attempts such as resetting their password.
References