Medium severity5.9NVD Advisory· Published Sep 25, 2017· Updated Jun 17, 2026
CVE-2015-7315
CVE-2015-7315
Description
Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
Products.CMFPlonePyPI | >= 3.3.0, < 4.3.7 | 4.3.7 |
Products.CMFPlonePyPI | >= 5.0a1, < 5.0rc2 | 5.0rc2 |
PlonePyPI | >= 3.3, <= 3.3.6 | — |
PlonePyPI | >= 4.0a1, <= 4.0.10 | — |
PlonePyPI | >= 4.1a1, <= 4.1.6 | — |
PlonePyPI | >= 4.2a1, <= 4.2.7 | — |
PlonePyPI | >= 4.3a1, <= 4.3.6 | — |
Affected products
42cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*+ 39 more
- cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:3.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:5.0:rc1:*:*:*:*:*:*
- ghsa-coords2 versions
>= 3.3, <= 3.3.6+ 1 more
- (no CPE)range: >= 3.3, <= 3.3.6
- (no CPE)range: >= 3.3.0, < 4.3.7
Patches
Vulnerability mechanics
References
10- www.openwall.com/lists/oss-security/2015/09/22/13nvdMailing ListPatchThird Party AdvisoryWEB
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchThird Party AdvisoryWEB
- github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406nvdIssue TrackingPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-984m-rj28-8c6xghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2015-7315ghsaADVISORY
- plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-membersnvdVendor AdvisoryWEB
- github.com/plone/Products.CMFPlone/commit/1845b0a92312291811b68907bf2aa0fb448c4016ghsaWEB
- github.com/plone/Products.CMFPlone/commit/9f0111f85cd14f3f067044b59b93e2856c99d542ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-52.yamlghsaWEB
- pypi.org/project/Products.PloneHotfix20150910ghsaWEB
News mentions
0No linked articles in our index yet.