PT-2020-19861 · Zope · Plone
Damiano Esposito · Published 2020-01-23 · Updated 2022-05-24
CVE-2020-7939
CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Plone versions 4.0 through 5.2.1
Description
SQL injection in DTML or in connection objects allows users to perform unwanted SQL queries. This problem is related to Zope.
Recommendations
For Plone versions 4.0 through 5.2.1, update to a version that contains a fix for this issue to prevent unwanted SQL queries.
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Plone