CVE-2000-0725

CVE Database · CVE-2000-0725

CVE-2000-0725

· N/AModified

CVSS v3.1

N/A

EPSS

0.47%

Published

Oct 20, 2000

Modified

Apr 15, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.

Affected Products (4)

zope · zopevulnerable

References (12)

http://archives.neohapsis.com/archives/bugtraq/2000-08/0198.html

PatchVendor Advisory

http://archives.neohapsis.com/archives/bugtraq/2000-08/0259.html

Patch

http://www.debian.org/security/2000/20000821

Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2000-052.html

http://www.securityfocus.com/bid/1577

PatchVendor Advisory

http://www.zope.org/Products/Zope/Hotfix_08_09_2000/security_alert

http://archives.neohapsis.com/archives/bugtraq/2000-08/0198.html

Patch

KEV Catalog EPSS Scores Vendors All CVEs