EUVD-2022-4607

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Plone CMS prior to version 3 exposes base64 encoded credentials in cookies, risking user account compromise

Reporter	Title	Published	Views	Family All 8
CVE	CVE-2008-1394	20 Mar 200800:00	–	cve
Cvelist	CVE-2008-1394	20 Mar 200800:00	–	cvelist
Github Security Blog	Plone CMS Improper Session Management	1 May 202223:39	–	github
NVD	CVE-2008-1394	20 Mar 200800:44	–	nvd
OSV	GHSA-MQ3Q-JJPH-RP5P Plone CMS Improper Session Management	1 May 202223:39	–	osv
Prion	Default credentials	20 Mar 200800:44	–	prion
RedhatCVE	CVE-2008-1394	4 Oct 201922:00	–	redhatcve
UbuntuCve	CVE-2008-1394	20 Mar 200800:44	–	ubuntucve

[
  {
    "enisaIdVendor": [
      {
        "id": "b521f9c8-7005-3be6-9760-7074930a4a6b",
        "vendor": {
          "name": "n/a"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "b9fdc7fc-ea6d-3e30-9b1e-ecdc8ed5e988",
        "product": {
          "name": "n/a"
        },
        "product_version": "n/a"
      }
    ]
  }
]

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2008-1394
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/41425
github	www.github.com/plone/Plone
plone	www.plone.org/about/security/overview/security-overview-of-plone
securityreason	www.securityreason.com/securityalert/3754
procheckup	www.procheckup.com/Hacking_Plone_CMS.pdf
securityfocus	www.securityfocus.com/archive/1/489544/100/0/threaded
plone	www.plone.org/about/security/overview/security-overview-of-plone/

03 Oct 2025 20:07Current

6.5Medium risk

Vulners AI Score6.5

CVSS 27.5

EPSS0.00798

plone cms vulnerability network security cookies credentials