Published: 25/09/2017 Updated: 06/10/2017

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and previous versions, and Plone prior to 5.x.

Vulnerable Product	Search on Vulmon	Subscribe to Product
plone plone 4.3.11
plone plone 4.3.10
plone plone 4.3.9
plone plone 4.3.8
plone plone 4.2.2
plone plone 4.2.1
plone plone 4.2
plone plone 4.1.6
plone plone 4.0.3
plone plone 4.0.2
plone plone 4.0.1
plone plone 4.0
plone plone 4.3.3
plone plone 4.3.2
plone plone 4.3.1
plone plone 4.3
plone plone 4.1.1
plone plone 4.1
plone plone 4.0.10
plone plone 4.0.9
plone plone 3.3.1
plone plone 3.3
plone plone 4.3.14
plone plone 4.3.6
plone plone 4.3.4
plone plone 4.2.7
plone plone 4.2.5
plone plone 4.2.3
plone plone 4.1.5
plone plone 4.1.3
plone plone 4.0.7
plone plone 4.0.4
plone plone 3.3.6
plone plone 3.3.4
plone plone 3.3.2
plone plone 4.3.12
plone plone 4.3.7
plone plone 4.3.5
plone plone 4.2.6
plone plone 4.2.4
plone plone 4.1.4
plone plone 4.1.2
plone plone 4.0.8
plone plone 4.0.5
plone plone 3.3.5
plone plone 3.3.3
zope zope management interface

[+] Credits: hyp3rlinx [+] Website: hyp3rlinxaltervistaorg [+] Source: hyp3rlinxaltervistaorg/advisories/AS-ZOPE-CSRFtxt Vendor: ================================ wwwzopeorg ploneorg Product: ================================ Zope Management Interface 437 Zope is a Python-based application server for building secure and highl ...

CWE-352 https://www.exploit-db.com/exploits/38411/https://pypi.python.org/pypi/plone4.csrffixes https://plone.org/security/hotfix/20151006 http://packetstormsecurity.com/files/133889/Zope-Management-Interface-4.3.7-Cross-Site-Request-Forgery.html https://nvd.nist.gov https://www.exploit-db.com/exploits/38411/

CVE-2015-7293

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect