CVE-2024-9405

Summary

CVE-2024-9405 is a vulnerability identified in Pluck CMS version 4.7.18, which allows for path traversal due to incorrect limitations on accessing a restricted directory. This weakness enables unauthenticated attackers to potentially extract sensitive information by accessing files located within the same directory or its subdirectories. The vulnerability poses a medium severity risk, with an exploitability score of 3.9, indicating low complexity and no required user interaction. To remediate this issue, organizations should upgrade to a patched version of Pluck CMS that addresses this path traversal vulnerability. Failure to act may lead to unauthorized disclosure of confidential data from affected systems.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.