4.3

CVE-2008-0164

Exploit
Multiple cross-site request forgery (CSRF) vulnerabilities in Plone CMS 3.0.5 and 3.0.6 allow remote attackers to (1) add arbitrary accounts via the join_form page and (2) change the privileges of arbitrary groups via the prefs_groups_overview page.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PlonePlone Cms Version3.0.5
PlonePlone Cms Version3.0.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.64% 0.459
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

http://plone.org/about/security/advisories/cve-2008-0164
http://secunia.com/advisories/29361
Vendor Advisory
http://securityreason.com/securityalert/3754
http://www.procheckup.com/Hacking_Plone_CMS.pdf
Exploit
http://www.securityfocus.com/archive/1/489544/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/41263