Description

Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role).

Remediation

References

CVE-2020-28735

Related Vulnerabilities

WebLogic CVE-2017-10336 Vulnerability (CVE-2017-10336)

WordPress Plugin ComicPress Manager 'lang' Parameter Cross-Site Scripting (1.4.9.9)

MySQL Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2005-0709)

WordPress Plugin Britetechs Companion Malicious Code (2.2.7)

Oracle Database Server CVE-2020-2516 Vulnerability (CVE-2020-2516)

Severity

High

Classification

CVE-2020-28735 CWE-918 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities