PYSEC-2008-15

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2008-15.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2008-15
Aliases
Published
2008-03-20T00:44:00Z
Modified
2026-05-21T15:00:25.415054068Z
Summary
[none]
Details

Multiple cross-site request forgery (CSRF) vulnerabilities in Plone CMS 3.0.5 and 3.0.6 allow remote attackers to (1) add arbitrary accounts via the joinform page and (2) change the privileges of arbitrary groups via the prefsgroups_overview page.

References

Affected packages

PyPI / plone

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.0.5
Last affected
3.0.6

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2008-15.yaml"