CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2020-7939

HIGH
8.8
CVSS Severity Score
EPSS Score0.1030%
EPSS Percentile33.15th
Published2020年1月23日
Last Modified2024年11月21日

Vulnerability Description

SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. (This is a problem in Zope.)

Affected Platforms (CPE)

📦
Plone

Plone

>= 4.0.0 and <= 5.2.1

References & Advisories

🔗 http://www.openwall.com/lists/oss-security/2020/01/24/1
🔗 https://plone.org/security/hotfix/20200121
🔗 https://plone.org/security/hotfix/20200121/sql-injection-in-dtml-or-in-connection-objects
🔗 https://www.openwall.com/lists/oss-security/2020/01/22/1
🔗 http://www.openwall.com/lists/oss-security/2020/01/24/1
🔗 https://plone.org/security/hotfix/20200121
🔗 https://plone.org/security/hotfix/20200121/sql-injection-in-dtml-or-in-connection-objects
🔗 https://www.openwall.com/lists/oss-security/2020/01/22/1

相關漏洞威脅

CVE-2008-139310.0

Plone CMS 3.0.5, and probably other 3.x versions, places a base64 encoded form of the username and password in the __ac cookie for...

CVE-2021-335099.9

Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText...

CVE-2020-79419.8

A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content wit...

CVE-2020-351909.8

The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password for a root user. Syste...