Remote Code Execution Vulnerability in Plone CMS by Plone Foundation
CVE-2008-1393

Currently unrated

Key Information:

Vendor

Plone

Status
Plone Cms
Vendor
CVE Published:
20 March 2008

What is CVE-2008-1393?

Plone CMS version 3.0.5, as well as potentially other 3.x versions, includes a security flaw where the administrator's username and password are stored in base64 encoded format within the __ac cookie. This practice significantly increases the risk of unauthorized access since an attacker can exploit this vulnerability through network sniffing, allowing them to gain administrative privileges and potentially compromise the integrity of the entire site.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://securityreason.com/securityalert/3754
third-party-advisoryx_refsource_SREASON
http://www.securityfocus.com/archive/1/489544/100/0/threaded
mailing-listx_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilities/41427
vdb-entryx_refsource_XF

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.