High severity · NVD Advisory · Published Mar 20, 2008 · Updated Apr 23, 2026
CVE-2008-0164
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Plone CMS 3.0.5 and 3.0.6 allow remote attackers to (1) add arbitrary accounts via the join_form page and (2) change the privileges of arbitrary groups via the prefs_groups_overview page.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| Plone (PyPI) | < 3.1 | 3.1 |
Affected products
- cpe:2.3:a:plone:plone_cms:3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone_cms:3.0.6:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- www.procheckup.com/Hacking_Plone_CMS.pdf (nvd: Exploit, WEB)
- secunia.com/advisories/29361 (nvd: Vendor Advisory)
- github.com/advisories/GHSA-4j3w-g62x-hrcp (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2008-0164 (ghsa: ADVISORY)
- plone.org/about/security/advisories/cve-2008-0164 (nvd: WEB)
- plone.org/products/plone-hotfix/releases/CVE-2008-0164 (ghsa: WEB)
- exchange.xforce.ibmcloud.com/vulnerabilities/41263 (nvd: WEB)
- github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2008-14.yaml (ghsa: WEB)
- securityreason.com/securityalert/3754 (nvd)
- www.securityfocus.com/archive/1/489544/100/0/threaded (nvd)