CyberSec.Space Logo
返回 CVE 浏览器

CVE-2015-7293

HIGH
8.8
CVSS Severity Score
EPSS Score0.0420%
EPSS Percentile13.90th
Published2017年9月25日
Last Modified2026年5月13日

Vulnerability Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x.

Affected Platforms (CPE)

📦
Plone

Plone

= 3.3
📦
Plone

Plone

= 3.3.1
📦
Plone

Plone

= 3.3.2
📦
Plone

Plone

= 3.3.3
📦
Plone

Plone

= 3.3.4
📦
Plone

Plone

= 3.3.5
📦
Plone

Plone

= 3.3.6
📦
Plone

Plone

= 4.0
📦
Plone

Plone

= 4.0.1
📦
Plone

Plone

= 4.0.2
📦
Plone

Plone

= 4.0.3
📦
Plone

Plone

= 4.0.4
📦
Plone

Plone

= 4.0.5
📦
Plone

Plone

= 4.0.7
📦
Plone

Plone

= 4.0.8
📦
Plone

Plone

= 4.0.9
📦
Plone

Plone

= 4.0.10
📦
Plone

Plone

= 4.1
📦
Plone

Plone

= 4.1.1
📦
Plone

Plone

= 4.1.2
📦
Plone

Plone

= 4.1.3
📦
Plone

Plone

= 4.1.4
📦
Plone

Plone

= 4.1.5
📦
Plone

Plone

= 4.1.6
📦
Plone

Plone

= 4.2
📦
Plone

Plone

= 4.2.1
📦
Plone

Plone

= 4.2.2
📦
Plone

Plone

= 4.2.3
📦
Plone

Plone

= 4.2.4
📦
Plone

Plone

= 4.2.5
📦
Plone

Plone

= 4.2.6
📦
Plone

Plone

= 4.2.7
📦
Plone

Plone

= 4.3
📦
Plone

Plone

= 4.3.1
📦
Plone

Plone

= 4.3.2
📦
Plone

Plone

= 4.3.3
📦
Plone

Plone

= 4.3.4
📦
Plone

Plone

= 4.3.5
📦
Plone

Plone

= 4.3.6
📦
Plone

Plone

= 4.3.7
📦
Plone

Plone

= 4.3.8
📦
Plone

Plone

= 4.3.9
📦
Plone

Plone

= 4.3.10
📦
Plone

Plone

= 4.3.11
📦
Plone

Plone

= 4.3.12
📦
Plone

Plone

= 4.3.14
📦
Zope

Zope Management Interface

<= 4.3.7

References & Advisories

🔗 http://packetstormsecurity.com/files/133889/Zope-Management-Interface-4.3.7-Cross-Site-Request-Forgery.html
🔗 https://plone.org/security/hotfix/20151006
🔗 https://pypi.python.org/pypi/plone4.csrffixes
🔗 https://www.exploit-db.com/exploits/38411/
🔗 http://packetstormsecurity.com/files/133889/Zope-Management-Interface-4.3.7-Cross-Site-Request-Forgery.html
🔗 https://plone.org/security/hotfix/20151006
🔗 https://pypi.python.org/pypi/plone4.csrffixes
🔗 https://www.exploit-db.com/exploits/38411/

相关漏洞威胁

CVE-2008-139310.0

Plone CMS 3.0.5, and probably other 3.x versions, places a base64 encoded form of the username and password in the __ac cookie for...

CVE-2021-335099.9

Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText...

CVE-2020-79419.8

A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content wit...

CVE-2020-351909.8

The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password for a root user. Syste...