PloneFormGen Arbitrary Code Execution Vulnerability Network Vulnerability

Summary

PloneFormGen is prone to an arbitrary code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code within the context of the application. PloneFormGen 1.7.4 through 1.7.8 are vulnerable other versions may also be affected.

Solution

Updates are available. Please see the references or vendor advisory for more information.

References

http://plone.org/
http://www.securityfocus.com/bid/60247

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 9.0 AV:N/AC:L/Au:N/C:C/I:P/A:P

Related Vulnerabilities

Acidcat CMS Multiple Vulnerabilities
Andy's PHP Knowledgebase 's' Parameter SQL Injection Vulnerability
ATutor < 1.5.1-pl1 Multiple Flaws
b2ePMS Multiple SQL Injection Vulnerabilities
ASP Inline Corporate Calendar SQL injection

Take action and discover your vulnerabilities