CVE-2008-0164 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-0164
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-0164

Description: Multiple cross-site request forgery (CSRF) vulnerabilities in Plone CMS 3.0.5 and 3.0.6 allow remote attackers to (1) add arbitrary accounts via the join_form page and (2) change the privileges of arbitrary groups via the prefs_groups_overview page.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/41263 SREASON http://securityreason.com/securityalert/3754 SAID Secunia Advisory: SA29361 MISC http://www.procheckup.com/Hacking_Plone_CMS.pdf http://plone.org/about/security/advisories/cve-2008-0164 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/489544/100/0/threaded

Return to the previous page.