|
|
CVE Reference: CVE-2008-0164 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2008-0164 |
|
|
Description: Multiple cross-site request forgery (CSRF) vulnerabilities in Plone CMS 3.0.5 and 3.0.6 allow remote attackers to (1) add arbitrary accounts via the join_form page and (2) change the privileges of arbitrary groups via the prefs_groups_overview page. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/41263 SREASON http://securityreason.com/securityalert/3754 SAID Secunia Advisory: SA29361 MISC http://www.procheckup.com/Hacking_Plone_CMS.pdf http://plone.org/about/security/advisories/cve-2008-0164 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/489544/100/0/threaded |
|
| Return to the previous page. |
