Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.
Max CVSS
9.9
EPSS Score
0.33%
Published
2021-05-21
Updated
2021-05-24
The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password for a root user. System using the plone docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
Max CVSS
10.0
EPSS Score
0.66%
Published
2020-12-17
Updated
2020-12-18
The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587.
Max CVSS
9.3
EPSS Score
0.77%
Published
2011-10-10
Updated
2011-10-30
CVE-2011-3587
Public exploit
Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules.
Max CVSS
9.3
EPSS Score
96.89%
Published
2011-10-10
Updated
2011-10-21
4 vulnerabilities found