CyberSec.Space Logo
Back to CVE Browser

CVE-2015-7293

HIGH
8.8
CVSS Severity Score
EPSS Score0.0420%
EPSS Percentile13.90th
PublishedSep 25, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x.

Affected Platforms (CPE)

πŸ“¦
Plone

Plone

= 3.3
πŸ“¦
Plone

Plone

= 3.3.1
πŸ“¦
Plone

Plone

= 3.3.2
πŸ“¦
Plone

Plone

= 3.3.3
πŸ“¦
Plone

Plone

= 3.3.4
πŸ“¦
Plone

Plone

= 3.3.5
πŸ“¦
Plone

Plone

= 3.3.6
πŸ“¦
Plone

Plone

= 4.0
πŸ“¦
Plone

Plone

= 4.0.1
πŸ“¦
Plone

Plone

= 4.0.2
πŸ“¦
Plone

Plone

= 4.0.3
πŸ“¦
Plone

Plone

= 4.0.4
πŸ“¦
Plone

Plone

= 4.0.5
πŸ“¦
Plone

Plone

= 4.0.7
πŸ“¦
Plone

Plone

= 4.0.8
πŸ“¦
Plone

Plone

= 4.0.9
πŸ“¦
Plone

Plone

= 4.0.10
πŸ“¦
Plone

Plone

= 4.1
πŸ“¦
Plone

Plone

= 4.1.1
πŸ“¦
Plone

Plone

= 4.1.2
πŸ“¦
Plone

Plone

= 4.1.3
πŸ“¦
Plone

Plone

= 4.1.4
πŸ“¦
Plone

Plone

= 4.1.5
πŸ“¦
Plone

Plone

= 4.1.6
πŸ“¦
Plone

Plone

= 4.2
πŸ“¦
Plone

Plone

= 4.2.1
πŸ“¦
Plone

Plone

= 4.2.2
πŸ“¦
Plone

Plone

= 4.2.3
πŸ“¦
Plone

Plone

= 4.2.4
πŸ“¦
Plone

Plone

= 4.2.5
πŸ“¦
Plone

Plone

= 4.2.6
πŸ“¦
Plone

Plone

= 4.2.7
πŸ“¦
Plone

Plone

= 4.3
πŸ“¦
Plone

Plone

= 4.3.1
πŸ“¦
Plone

Plone

= 4.3.2
πŸ“¦
Plone

Plone

= 4.3.3
πŸ“¦
Plone

Plone

= 4.3.4
πŸ“¦
Plone

Plone

= 4.3.5
πŸ“¦
Plone

Plone

= 4.3.6
πŸ“¦
Plone

Plone

= 4.3.7
πŸ“¦
Plone

Plone

= 4.3.8
πŸ“¦
Plone

Plone

= 4.3.9
πŸ“¦
Plone

Plone

= 4.3.10
πŸ“¦
Plone

Plone

= 4.3.11
πŸ“¦
Plone

Plone

= 4.3.12
πŸ“¦
Plone

Plone

= 4.3.14
πŸ“¦
Zope

Zope Management Interface

<= 4.3.7

References & Advisories

πŸ”— http://packetstormsecurity.com/files/133889/Zope-Management-Interface-4.3.7-Cross-Site-Request-Forgery.html
πŸ”— https://plone.org/security/hotfix/20151006
πŸ”— https://pypi.python.org/pypi/plone4.csrffixes
πŸ”— https://www.exploit-db.com/exploits/38411/
πŸ”— http://packetstormsecurity.com/files/133889/Zope-Management-Interface-4.3.7-Cross-Site-Request-Forgery.html
πŸ”— https://plone.org/security/hotfix/20151006
πŸ”— https://pypi.python.org/pypi/plone4.csrffixes
πŸ”— https://www.exploit-db.com/exploits/38411/

Related Vulnerabilities

CVE-2008-139310.0

Plone CMS 3.0.5, and probably other 3.x versions, places a base64 encoded form of the username and password in the __ac cookie for...

CVE-2021-335099.9

Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText...

CVE-2020-79419.8

A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content wit...

CVE-2020-351909.8

The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password for a root user. Syste...