Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1oaG1mLTdyZ2ctZ2N3Nc4AAjY6

High CVSS: 8.7 EPSS: 0.00509% (0.65406 Percentile) EPSS:
Permalink JSON

Plone SQL Injection Vulnerability

Affected Packages Affected Versions Fixed Versions
pypi:Plone >= 4.0, <= 5.2.1 No known fixed version
5 Dependent packages
7 Dependent repositories
14,728 Downloads last month

Affected Version Ranges

All affected versions

4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 4.3.8, 4.3.9, 4.3.10, 4.3.11, 4.3.12, 4.3.13, 4.3.14, 4.3.15, 4.3.16, 4.3.17, 4.3.18, 4.3.19, 4.3.20, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.2.0, 5.2.1

SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. (This is a problem in Zope.)

References:

Identifiers

GHSA-hhmf-7rgg-gcw5

CVE-2020-7939

Risk

Severity

High

CVSS

CVSS Score: 8.7

CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS

EPSS Percentage: 0.00509

EPSS Percentile: 0.65406

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Date and time

Published

about 3 years ago

Updated

10 months ago

API

JSON