CVE-2008-0164

unknown

Published 2022-05-01 · Modified 2026-05-21

CVSS v3

—

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v2

—

VIR risk

—

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Plone CMS 3.0.5 and 3.0.6 allow remote attackers to (1) add arbitrary accounts via the join_form page and (2) change the privileges of arbitrary groups via the prefs_groups_overview page.

Predictions

Exploit likelihood

30%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Package impact

Ecosystem	Package	Vulnerable	Fixed
PyPI	plone	`<3.1`	`3.1`
PyPI	plone	`>=3.0.5,<=3.0.6`

References

https://nvd.nist.gov/vuln/detail/CVE-2008-0164
https://exchange.xforce.ibmcloud.com/vulnerabilities/41263
https://github.com/plone/Plone
https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2008-14.yaml
http://plone.org/about/security/advisories/cve-2008-0164
http://plone.org/products/plone-hotfix/releases/CVE-2008-0164
http://www.procheckup.com/Hacking_Plone_CMS.pdf
http://secunia.com/advisories/29361
http://securityreason.com/securityalert/3754
http://www.securityfocus.com/archive/1/489544/100/0/threaded

Verify integrity in audit chain (admin only). AS-IS.