Description

Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.

Remediation

References

CVE-2021-33509

Related Vulnerabilities

WordPress Plugin Sidekick Multiple Unspecified Vulnerabilities (2.2.1)

PrestaShop Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3796)

WordPress Plugin Slider Revolution Responsive Arbitrary File Upload (3.0.95)

Opencart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-21514)

WordPress Plugin FCChat Widget 'path' Parameter Cross-Site Scripting (2.1.7)

Severity

Critical

Classification

CVE-2021-33509 CWE-732 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities