CVE-2024-9405 MEDIUM

CVE-2024-9405

Vendor Pluck Cms

Product Pluck CMS

Weakness CWE-23

Published October 1, 2024

Last update October 1, 2024

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

An incorrect limitation of a path to a restricted directory (path traversal) has been detected in Pluck CMS, affecting version 4.7.18. An unauthenticated attacker could extract sensitive information from the server via the absolute path of a file located in the same directory or subdirectory as the module, but not from recursive directories.

Key dates

02Disclosure timeline

October 1, 2024 CVE published

October 1, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-9405 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/23.html

Related vulnerabilities

04Related CVE

CVE-2022-29844 Western Digital My Cloud OS 5 arbitrary file read and write vulnerability via ftp CVE-2022-2106 Elcomplus SmartICS Path Traversal CVE-2025-25130 WordPress Delete Comments By Status plugin <= 1.5.3 - Local File Inclusion vulnerability CVE-2026-25121 apko is vulnerable to path traversal in apko dirFS which allows filesystem writes outside base CVE-2026-45188 Apache Kvrocks: Replication Fullsync Path Traversal via Unvalidated Filename Handling