CVE-2015-7315

Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator.

Published: Sep 25, 2017
Updated: Apr 13, 2023
CVE: CVE-2015-7315
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.9
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-284

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
plone / plone	3.3	3.3.x
plone / plone	4.3.3	4.3.3.x
plone / plone	4.0.5	4.0.5.x
plone / plone	4.3.6	4.3.6.x
plone / plone	4.2.3	4.2.3.x
plone / plone	4.0.2	4.0.2.x
plone / plone	3.3.5	3.3.5.x
plone / plone	4.3.5	4.3.5.x
plone / plone	4.3	4.3.x
plone / plone	4.2.2	4.2.2.x
plone / plone	4.0.8	4.0.8.x
plone / plone	3.3.4	3.3.4.x
plone / plone	4.0.7	4.0.7.x
plone / plone	3.3.2	3.3.2.x
plone / plone	4.2.7	4.2.7.x
plone / plone	4.2.5	4.2.5.x
plone / plone	4.1.6	4.1.6.x
plone / plone	4.0.4	4.0.4.x
plone / plone	4.3.4	4.3.4.x
plone / plone	4.0.9	4.0.9.x
plone / plone	4.1.3	4.1.3.x
plone / plone	4.1	4.1.x
plone / plone	3.3.1	3.3.1.x
plone / plone	4.1.4	4.1.4.x
plone / plone	4.0.10	4.0.10.x
plone / plone	5.0-rc1	5.0-rc1.x
plone / plone	4.0	4.0.x
plone / plone	4.1.2	4.1.2.x
plone / plone	4.1.5	4.1.5.x
plone / plone	4.3.1	4.3.1.x
plone / plone	4.2.6	4.2.6.x
plone / plone	4.0.1	4.0.1.x
plone / plone	4.1.1	4.1.1.x
plone / plone	4.2.4	4.2.4.x
plone / plone	3.3.6	3.3.6.x
plone / plone	3.3.3	3.3.3.x
plone / plone	4.0.3	4.0.3.x
plone / plone	4.3.2	4.3.2.x
plone / plone	4.2	4.2.x
plone / plone	4.2.1	4.2.1.x

Vulnerability Database

289,784

CVE-2015-7315