CVE-2015-7315: Anonymous is able to create Plone members

September 25, 2017 (updated October 3, 2017)

A vulnerability that allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator.

References

github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406
plone.org/security/20150910
plone.org/security/20150910/anonymous-is-able-to-create-plone-members
pypi.python.org/pypi/Products.PloneHotfix20150910

Code Behaviors & Features

Detect and mitigate CVE-2015-7315 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →