Vulnerability Database

290,018

Total vulnerabilities in the database

CVE-2008-1393

Plone CMS 3.0.5, and probably other 3.x versions, places a base64 encoded form of the username and password in the __ac cookie for the admin account, which makes it easier for remote attackers to obtain administrative privileges by sniffing the network.

  • Published: Mar 20, 2008
  • Updated: Apr 13, 2023
  • CVE: CVE-2008-1393
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 10
  • AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

Software From Fixed in
plone / plone_cms - 3.x
plone / plone_cms - 3.0.5.x