Description
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
Remediation
References