Description
The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.
Remediation
References