CVE-2011-0720

critical

Description

Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/65099

http://www.vupen.com/english/advisories/2011/0796

http://www.securitytracker.com/id?1025258

http://www.securityfocus.com/bid/46102

http://www.redhat.com/support/errata/RHSA-2011-0394.html

http://www.redhat.com/support/errata/RHSA-2011-0393.html

http://secunia.com/advisories/43914

http://secunia.com/advisories/43146

http://plone.org/products/plone/security/advisories/cve-2011-0720

http://osvdb.org/70753

Details

Source: Mitre, NVD

Published: 2011-02-03

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

CVSS v4

Base Score: 9.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N