Description

Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.

Remediation

References

CVE-2006-3458

Related Vulnerabilities

WordPress Plugin WP e-Commerce-Store Exporter Privilege Escalation (1.6.6)

WordPress Plugin 404page-your smart custom 404 error page Cross-Site Request Forgery (10.3)

IBM Lotus Domino web server Cross-Site Scripting vulnerabilities

Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-11813)

Nexus Repository Manager Server-Side Request Forgery (SSRF) Vulnerability (CVE-2022-27907)

Severity

Low

Classification

CVE-2006-3458

Tags

Missing Update Known Vulnerabilities