Description
Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects.
Remediation
References