Description

Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a .. (dot dot) in the path parameter in a getFile action to Plone/++theme++barceloneta/@@plone.resourceeditor.filemanager-actions.

Remediation

References

CVE-2016-7135

Related Vulnerabilities

LimeSurvey Deserialization of Untrusted Data Vulnerability (CVE-2018-17057)

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1000410)

MediaWiki CVE-2021-30159 Vulnerability (CVE-2021-30159)

WordPress Plugin Keep Backup Daily Unspecified Vulnerability (2.0.3)

MyBB CVE-2015-2352 Vulnerability (CVE-2015-2352)

Severity

Medium

Classification

CVE-2016-7135 CWE-22 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities