A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission.
Max CVSS: 9.8
EPSS Score: 0.37%
Published: 2020-01-23
Updated: 2021-07-21
Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment by the site administrator.
Max CVSS: 5.9
EPSS Score: 0.30%
Published: 2017-09-25
Updated: 2017-10-03
2 vulnerabilities found