CVE-2015-7293

Published: Sep 25, 2017Modified: May 13, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x.

Affected (47)

Products: Plone: Plone · Zope: Zope Management Interface

1 product

1 product

Zope Management Interface

Configuration A

46 vulnerable

Vulnerable Software	Affected Versions
Plone Plone	Version 3.3.1
Plone Plone	Version 3.3.2
Plone Plone	Version 3.3.3
Plone Plone	Version 3.3.4
Plone Plone	Version 3.3.5
Plone Plone	Version 3.3.6
Plone Plone	Version 3.3
Plone Plone	Version 4.0.10
Plone Plone	Version 4.0.1
Plone Plone	Version 4.0.2
Plone Plone	Version 4.0.3
Plone Plone	Version 4.0.4
Plone Plone	Version 4.0.5
Plone Plone	Version 4.0.7
Plone Plone	Version 4.0.8
Plone Plone	Version 4.0.9
Plone Plone	Version 4.0
Plone Plone	Version 4.1.1
Plone Plone	Version 4.1.2
Plone Plone	Version 4.1.3
Plone Plone	Version 4.1.4
Plone Plone	Version 4.1.5
Plone Plone	Version 4.1.6
Plone Plone	Version 4.1
Plone Plone	Version 4.2.1
Plone Plone	Version 4.2.2
Plone Plone	Version 4.2.3
Plone Plone	Version 4.2.4
Plone Plone	Version 4.2.5
Plone Plone	Version 4.2.6
Plone Plone	Version 4.2.7
Plone Plone	Version 4.2
Plone Plone	Version 4.3.10
Plone Plone	Version 4.3.11
Plone Plone	Version 4.3.12
Plone Plone	Version 4.3.14
Plone Plone	Version 4.3.1
Plone Plone	Version 4.3.2
Plone Plone	Version 4.3.3
Plone Plone	Version 4.3.4
Plone Plone	Version 4.3.5
Plone Plone	Version 4.3.6
Plone Plone	Version 4.3.7
Plone Plone	Version 4.3.8
Plone Plone	Version 4.3.9
Plone Plone	Version 4.3

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Zope Zope Management Interface	Up to 4.3.7

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (8)

http://packetstormsecurity.com/files/133889/Zope-Management-Interface-4.3.7-Cross-Site-Request-Forgery.html

Source: cret@cert.org

ExploitThird Party AdvisoryVDB Entry

https://plone.org/security/hotfix/20151006

Source: cret@cert.org

Vendor Advisory

https://pypi.python.org/pypi/plone4.csrffixes

Source: cret@cert.org

Third Party Advisory

https://www.exploit-db.com/exploits/38411/

Source: cret@cert.org

ExploitThird Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/133889/Zope-Management-Interface-4.3.7-Cross-Site-Request-Forgery.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://plone.org/security/hotfix/20151006

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://pypi.python.org/pypi/plone4.csrffixes

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.exploit-db.com/exploits/38411/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.