Description
Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format method.