CVE-2013-4200

Plone 2.1-4.1, 4.2-4.2.5, 4.3-4.3.1 - Open Redirect via Space-Prefixed URL in 'next' Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-4200. PoCs published by Cyrill Bannwart.

AI-analyzed exploit summary The provided text describes a session-hijacking vulnerability in Plone, where an attacker can exploit improper session handling to gain unauthorized access. It references a specific URL path that triggers the vulnerability and includes a note about its prior documentation.

Description

The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows remote attackers to bypass the allow_external_login_sites filtering property, redirect users to arbitrary web sites, and conduct phishing attacks via a space before a URL in the "next" parameter to acl_users/credentials_cookie_auth/require_login.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Cyrill Bannwart · textwebappspython

https://www.exploit-db.com/exploits/38738

View Code ZIP pw:eip

The provided text describes a session-hijacking vulnerability in Plone, where an attacker can exploit improper session handling to gain unauthorized access. It references a specific URL path that triggers the vulnerability and includes a note about its prior documentation.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Theoretical

Target: Plone (version not specified)

No auth needed

Prerequisites: Access to the target Plone instance · Ability to craft a malicious URL

MITRE ATT&CK

T1550.001 - Application Access Token

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (5)

Core 5

Core References

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2013/08/01/2

Vendor Advisory x_refsource_confirm

http://plone.org/products/plone/security/advisories/20130618-announcement

Patch x_refsource_confirm

http://plone.org/products/plone-hotfix/releases/20130618

Issue Tracking x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4200

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/530787/100/0/threaded

Scores

EPSS 0.0534

EPSS Percentile 90.3%

Details

CWE

CWE-264

Status published

Products (47)

plone/plone 2.1

plone/plone 2.1.1

plone/plone 2.1.2

plone/plone 2.1.3

plone/plone 2.1.4

plone/plone 3.0

plone/plone 3.0.1

plone/plone 3.0.2

plone/plone 3.0.3

plone/plone 3.0.4

... and 37 more

Published Jan 21, 2014

Tracked Since Feb 18, 2026