Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Plone CMS Missing Authentication for Critical Function Vulnerability (CVE-2020-35190)

Description

The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password for a root user. System using the plone docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.

Remediation

References

Related Vulnerabilities

WordPress Plugin Absolute Reviews Cross-Site Request Forgery (1.0.8)

WordPress Plugin GiveWP-Donation and Fundraising Platform Security Bypass (2.5.4)

WebLogic CVE-2019-2646 Vulnerability (CVE-2019-2646)

WordPress Plugin Front End Upload 'upload.php' Arbitrary File Upload (0.5.3)

WordPress Plugin Super CAPTCHA 'admin.php' SQL Injection (2.2.4)

Severity

Critical

Classification

CVE-2020-35190 CWE-306 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities