Описание
Multiple cross-site request forgery (CSRF) vulnerabilities in Plone CMS 3.0.5 and 3.0.6 allow remote attackers to (1) add arbitrary accounts via the join_form page and (2) change the privileges of arbitrary groups via the prefs_groups_overview page.
Комментарий
Must login to view link 1015140
Ссылки
- Vendor Advisory
- Exploit
- Vendor Advisory
- Exploit
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:plone:plone_cms:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone_cms:3.0.6:*:*:*:*:*:*:*
EPSS
Процентиль: 47%
0.00242
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
ubuntu
больше 17 лет назад
Multiple cross-site request forgery (CSRF) vulnerabilities in Plone CMS 3.0.5 and 3.0.6 allow remote attackers to (1) add arbitrary accounts via the join_form page and (2) change the privileges of arbitrary groups via the prefs_groups_overview page.
debian
больше 17 лет назад
Multiple cross-site request forgery (CSRF) vulnerabilities in Plone CM ...
EPSS
Процентиль: 47%
0.00242
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-352